An organization’s annual user training, covering the gamut of compliance, security and risk topics, may check the box for regulators, but it has not been shown to be effective in changing user behavior. Studies have shown that careless users and non-malicious insiders can be far more harmful to your organization’s security posture than malicious bad actors trying to do damage. Additionally, their activities add significant noise to your security monitoring environment, making it much more difficult to identify and stop the bad guys.
Changing user behavior to do the right thing is one of the key factors for the organization to improve its cyber security posture. An effective approach is to provide targeted awareness training, where users can understand the potential negative impact that their actions can have on their employer and how it relates to their day-to-day activities. Bay Dynamics’ Just-In-Time Awareness Training program leverages Risk Fabric’s ability to identify the behavior of non-malicious users and repeat offenders, to automatically notify users and their managers, and to sign the users up for policy violation training. Users who repeatedly violate security policies, such as those covering sensitive data in email, will get signed up for a 5-10 minute training explaining the risks involved with their violation and the impact to their employer. Another set of users, those who repeatedly fail phishing testing, will get signed up for phishing training.
Educating the broader audience helps minimize organizations’ risk and achieve tremendous cost efficiencies. Risk Fabric’s Just-In-Time Awareness Training tracks the attestation of completion of the required training, and monitors user behavior after completion. In addition to the impact on the users themselves, security awareness management and executives can monitor the effectiveness of training on actual behavior. Security Awareness dashboards show the breakdown of training topics provided by Line of Business and topic, along with metrics of the level of post-training repeat violators. Clients have seen as much as an 80% drop in these behaviors in only 3 months, enabling them to focus their efforts on the real bad guys. As a result of Just-In-Time Awareness Training, Bay Dynamics clients continue to save millions of dollars every year and maintain a healthy cyber security posture.
Everybody is trying to achieve the same goal – protect the enterprise. Investigators and Vulnerability Management teams need a list of the threats and vulnerabilities that need to be addressed, prioritized by severity and potential impact. Operations needs to identify gaps in coverage and how their organization is performing in remediating threats and vulnerabilities. Executives require a top-down perspective that highlights their greatest risks and how well the enterprise is being protected, so they can drive strategic and tactical improvements. Finally, Boards of Directors require a quantitative risk scorecard that enables them to understand the lay of the land, so that they can make informed decisions and provide appropriate guidance. The end goal for each of the stakeholders, whether it is the IT Team, Line of Business Leaders, C-Suite, or the Boardroom, is getting a single version of the truth from a common platform that is enriched with intelligent behavioral analytics and business context.