Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Time to reprioritise security awareness efforts

Ira Winkler and Araceli Treu Gomes | Feb. 6, 2015
Security awareness programs are frequently treated as minor elements of organizational security programs. The awareness program is frequently first to have its budget cut, and usually is minimally funded to begin with.

However as users are clearly becoming a primary attack vector, security programs need to acknowledge that more resources, or at least the appropriate resources, should be allocated to strengthening the targeted vector. While the appropriate investments need to be made in security technologies, there has to be an acknowledgement that countermeasures need to likewise address the point of attack.

There is no silver bullet when it comes to stopping attacks. However as users have been shown to be a primary target for some of the costliest attacks in the history of computer-based crimes, security programs need to start applying the appropriate resources to awareness as a countermeasure. Again, this does not mean that you don't also invest in additional technologies that help mitigate user awareness failings, but you still need to address the primary attack vector as well.

It is time to acknowledge that the most damaging attacks initially target humans, and that a proportionate amount of countermeasures needs to be allocated to making humans more security aware. It is not easy, and there are admittedly few people who know how to implement a successful awareness program. However, it is time to take  not just the threat, but the reality seriously and start focusing efforts appropriately.

 

Previous Page  1  2 

Sign up for Computerworld eNewsletters.