Citizen soldiers: Users must defend cyber front line

It is neither the National Security Agency nor the Cyber Command, but the user community that is on the front lines of cyber defense. The actions of users that have been attributed to a moderate percentage of cyberattack successes is what has to be addressed. We need to increase the users’ knowledge and awareness.

Given that users are on the front line, cyber threat awareness training is a must in today’s high-threat environment. However, only a small percentage of users receive awareness training about cyberattack techniques that target them. The purpose of cyber awareness training is to focus attention of users on security and common techniques used by attackers. Because this threat environment is so dynamic, cyber threat awareness training must be continual and not a one time thing.

The effort to improve awareness of cyber threats is designed to change the behavior and reinforce good security practices by computer users. To be effective at this, organizations must present meaningful and timely subjects to the general user community on a regular basis. The Technolytics Institute think tank for which I work has analyzed this area and concluded that the awareness training should be conducted every other month rather than each month. That’s because a monthly cycle seems to wear on the users and might be viewed as too received as too heavy. Technolytics found that end-user training topics must include:

    *Common mistakes.
    *E-mail threats.
    *Social engineering.
    *Phishing.
    *Passwords.
    *Cyber terrorism.
    *Common attacks.
    *Symptoms of attack.
    *Anti-virus software.
    *Spam threat.
    *Personal accountability.
    *Other connected devices.

Keeping users aware of cybersecurity threats is a critical aspect of an organization’s overall security program. If we were able to cut routine user mistakes in half, the integrity of our systems would increase exponentially.