SANS report reiterates the importance of HR for enterprise security

Over 75% of security professionals spend only 25% of their time on awareness
Ned Baltagi, managing director, Middle East & Africa at SANS

SANS 2017 Security Awareness, a new report by leading cyber security training and certification institute SANS, has revealed the lack of time dedicated to employee training and the lack of communication skills as the key reasons organisations’ cyber security awareness programmes fail to meet their objectives.

The researchers also found that women are twice as likely as men to be dedicated full-time to cyber security awareness. The report went on to specify human resource allocation, partnerships, hiring of dedicated professionals, and fostering of security ambassadors as the four areas organisations need to focus on to dramatically improve the effectiveness of their awareness campaigns.

“There is no doubt that awareness programs play a vital role in strengthening IT security,” stated Ned Baltagi, managing director, Middle East & Africa at SANS. “While Middle East organisations are doubling down on their security investments, the challenges cannot be solved by technology alone. The behaviour of end-users, most commonly unintentionally malicious, is often the root cause of data breaches, which is why SANS has worked to pinpoint the shortcomings of security awareness programs and provide enterprises with a clear outline for how they can overcome these.”

Surprisingly, respondents did not cite budget constraints as an inhibitor to the success of their security awareness initiatives. Instead, the biggest challenge appears to be time, as over 75% of security professionals spend just 25% of their time on awareness. The report pointed out that to bring awareness up to a basic level, organisations should on average have 1.4 full-time employees (FTEs) dedicated to these initiatives. This number increases to 2.6 FTEs in organisations that have the most successful awareness programs.

“In addition to dedicating the right resources and time to security awareness and working on the communications skills of security professionals, organisations should strategically leverage their budgets to hire resources who will get their awareness programs off and running. They should also identify and empower awareness ambassadors, employees who are committed to security initiatives and push their colleagues to do the same, as a cost-effective means to raise the entire organisation’s security posture,” Baltagi added.
