It’s time to pull the plug on traditional security awareness training
We know it’s hard to let go. But this is getting out of hand.
Traditional security awareness training has been on its deathbed for so long now that our eyes water whenever we get a whiff of it.
It doesn’t really do anything. The costs just don’t make sense. And the mere mention of it just makes your people sad.
It’s time to move on.
So, we’ve put together a free, online plug-pulling ceremony, ‘Security awareness is dead (or dying)’, to give you a chance to say your goodbyes.
Bring your own snacks.
The five stages of grieving traditional security awareness training
In preparation for the event, we’ve written a little about the five stages of grief, specific to the death of traditional SA&T. We hope that they’ll help you understand your feelings, and, eventually, come to terms with the loss.
Stage 1: Denial
Change can be difficult to accept. In fact, it can be outright frightening. And it’s normal to want things to stay the same. However, it’s all part of the grief process.
Signs and symptoms of denial include:
holding on to the idea that traditional security awareness training changes behavior;
relying on technological security to protect your organization from security breaches; or
believing that a security breach won’t happen to your organization.
Stage 2: Anger
Anger is a mask used to hide our emotions, or at least avoid confronting them. While it’s normal to feel angry, taking things too far can cause lasting damage to your relationships.
Anger may be driving you to do things like:
punishing people for ‘failing’ or not completing their training;
assigning even more tick-box security training to your people; or
saying things like “humans are the weakest link”.
Stage 3: Bargaining
Dealing with a flood of emotions can make you feel like you’re losing control. It’s common to agonize over all the things you could have done differently, or even try to make a deal with a higher power.
You’re probably in the bargaining stage if you’re:
requesting a budget increase for your current (traditional) security awareness training solution;
researching new vendors … that offer the same old approach to security awareness training; or
considering hiring a new IT or security department.
Stage 4: Depression
Perhaps the most difficult (and worrying) stage of grief, depression can quickly overwhelm you, so it’s important to have a strong support system in place.
You could be depressed if you’re:
weeping over all the money you wasted on traditional SA&T;
staring at your click rate and report rate data every day, while sighing heavily; or
wondering what the point of cybersecurity is.
Stage 5: Acceptance
Accepting something doesn’t necessarily mean you’re happy with it. It means you finally understand it, and are prepared to move forward.
Acceptance manifests in different forms, like:
learning more about what drives risky security behaviors;
taking steps to reliably measure risk and behavior change; or
introducing a solution that influences behaviors.