Employees can serve as a strong first line of defense against cyber attacks

Fortinet, the global cybersecurity leader driving the convergence of networking and security, recently released its annual 2024 Security Awareness and Training Global Research Report, highlighting the crucial role a cyber-aware workforce plays in managing and mitigating organizational risk.

According to the report, employees can be an organization’s first line of defense, but leaders are increasingly worried that their employees lack security awareness. Nearly 70% of those surveyed believe their employees lack critical cybersecurity knowledge, up from 56% in 2023.

More than 80% of organizations faced attacks last year, such as malware, phishing, and password attacks that directly targeted individuals. As malicious actors use AI to increase the volume and velocity of their attacks, leaders believe these threats will be harder for their employees to spot. More than 60% of the survey respondents expect more employees to fall victim to attacks in which cybercriminals use AI. However, the good news is that most respondents (80%) also say enterprise-wide knowledge of AI-augmented attacks has made their organizations more open to implementing security awareness and training.

As attacks evolve, security awareness and training will only become more vital. Nearly all (96%) of those surveyed say their leadership team supports employee security awareness training, and phishing prevention is a component of their training programs and plans. Other top training priorities include data security (48%) and privacy (41%).

While security and IT teams are crucial to safeguarding organizations against cyber threats, an enterprise’s employees also play an important role in preventing breaches. Most leaders say their employees view security awareness and training positively. Organizations also saw improvements in their security posture after security awareness and training were implemented.

Most organizations are motivated to introduce security awareness and training based on their experience of being breached or knowledge of threats in their industry or sector. Almost all decision-makers (96%) say their leadership team supports implementing training to raise employees’ cybersecurity awareness.

According to this year’s survey, 97% of leaders think increased employee awareness would strengthen the organization’s cybersecurity posture. Yet respondents also agree that there are key attributes of training programs that are important for effectiveness.

Engaging content is paramount. While 86% of decision-makers say they are satisfied with their current security awareness and training solution, the biggest complaint was a lack of engaging content among those not satisfied.

Consider the time commitment required. Avoid training fatigue by considering the amount of time required from learners. Demanding too much time from employees can overburden them. Between 1.1 and 2.0 hours is the most common time proposed, with three hours as the average.

One breach incident alone has significant repercussions for a business. It is vital to build a three-pronged defense strategy that includes security awareness and training for all employees, technical cybersecurity skills for IT and security staff, and advanced security solutions for the network.

Beyond teaching individuals what to do when they encounter threats, awareness and training lay the foundation for creating a culture of cybersecurity throughout the organization.

Fortinet offers its Security Awareness and Training service to businesses that want to develop a cyber-aware workforce. Designed by the Fortinet Training Institute’s world-class trainers, this service covers a broad range of topics, offers content customization opportunities, and reinforces learnings with periodic reminders and checks. Organizations using the service also have access to a variety of dashboards to track learner progress and reporting to address cyber insurance and compliance needs.