
Updating Your Security Awareness Training Strategy

As the saying goes, your organization is only as secure as your weakest link. And while that’s true for your network and environment, it’s also true when it comes to your organization’s employees.

Criminal hackers and threat actors know that employees are an attack vector that’s difficult to safeguard with tools and software. That’s why so many resources are devoted to exploiting them via phishing, business email compromise (BEC), and social engineering attacks. The 2020 Trustwave Global Security Report found that 50% of incidents from phishing and social engineering cause the most frequent breaches across multiple corporate environments.

So, while you may have the latest in security tools, a fully equipped and staffed security department, and full visibility of your network, it may all be moot if an employee accidentally opens a malware-infected attachment and unleashes it on your network.

That’s why security awareness training is incredibly important to make sure your employees know what attacks look like, what to look out for, what to do if they encounter an attack, and what processes to follow.

But if you’re only providing security awareness training during an employee’s onboarding and never follow up, your employees aren’t likely to retain the information, and the information will quickly become outdated. There’s a better alternative.

Update Your Training Annually

One of the most effective ways to ensure your employees know what risks to look out for is to have a security awareness training program that refreshes every year. This helps ensure you can update your training to account for any new threats or attacks, and you can tailor your training to new changes within your organization. Your security awareness training must reflect the unique risks your company faces and should be updated every time your employees undergo new awareness training. Here are a couple of questions worth asking:

Has the workforce changed?

One of the biggest changes that has affected the majority of companies is the shift to remote work. That brings its own set of cybersecurity challenges and risks, especially on the employee side of things. Your awareness training needs to reflect that and address your employees’ new environment. Without accounting for these new risks, you’re just training employees on outdated information.

Has the company grown significantly? Where?

A company’s growth informs the risks posed to it by criminals and nation-state actors, especially if a company’s growth is global. Your training should reflect the fact that your employees in different geographical locations may find themselves under different kinds of attacks.

What are the new risk trends?

Updating your training isn’t only an introspective task. You have to make sure you’re up to date on new external threats facing your organization—knowing what the most common attacks are, how new threats have evolved, and how employees are likely to be targeted. For example, new email phishing attacks are hiding malware in documents accessed via Dropbox or other cloud links so email security tools won’t flag them.

Are you accounting for your environment?

Your security awareness training should reflect the tools, software, and environment your organization is working in. Email is an obvious vector, but are your employees constantly logging into cloud-based services? Are they sharing documents often? How many third parties or subcontractors are they working with? Do these tools or products offer any kind of additional security options such as MFA or 2FA? Being as specific as possible will help tailor your program and give employees specific examples to work from.

Consider non-work risks

Work and personal life continue to blend, and it’s harder and harder to separate the two given how online everyone is these days. Even if social media isn’t a part of your company, your employees are likely to visit social media sites, and a recent report found that a third of employees visit adult sites with their work laptop. Not addressing that in your training will leave your organization exposed.

Have a follow-up strategy

If your security awareness training involves simulated phishing, social engineering, or similar attacks (spoiler alert: it should) that lead to a “successful” attack or breach, then it’s important to follow up with the employees who “failed” the simulation. It’s not enough to re-test them or have them go through the same training as before. Instead, you should have a follow-up strategy that takes them through additional security awareness training and then, in time, simulates another attack to see if they fall for it again.

Consider external resources

Bringing in a team of experts or consultants to help you conduct your security awareness training program is advisable as they can provide and utilize the most up-to-date data and threat intelligence while also applying specific training tailored to your environment based on your employee size, industry, and products.

Why Security Awareness Training is Worth It

Security awareness training should be considered an investment in risk management. By making your employees aware of the threats they’ll face regularly and giving them a process to follow if and when an issue occurs, you’re minimizing the risk of a huge threat vector: human error.

If you follow our best practices and guidelines, you can be confident that your employees, new and old, will know how to keep your environment free from attacks.

