As people influence security outcomes more than technology and policies, this predicates a people centric security program that is integral to managing cyber security risk exposure. The human user is often deemed to be the weakest link in an organisation’s security program and attackers know how to exploit user behaviors. Data breach incident statistics across reports consistently identify exploitation of human vulnerability to circumvent security defenses. Improving user security awareness is regarded as an effective way to prevent data breaches.
User targeted digital threats including ransomware, phishing attacks, business email compromise (BEC) and social engineering are some of the many threats facing organisations today. The risk exposure is exacerbated by phone (vishing) and text messaging (smishing) threats across mobile devices that organisations have limited control over. Tightening compliance regulations further mandates an increase in user security competency. Any investment in strengthening security capability may be incomplete if the human user is not aware of their responsibilities and held accountable for their actions. Furthermore, over-reliance on security technology alone is proving to be ineffective and overly restrictive controls inhibit the user from fully realizing the benefits of the digital age. Striking a balance between security and usability is crucial to achieving optimal productivity.
The challenge with user security is a result of evolving threat landscape, changing work behaviour, mobility and a cloud-first strategy, that renders previous training methodology inadequate and ineffective. Simply promoting compliance policy documents without supporting programs and structures to influence behaviour and raise user awareness, will deliver limited success and user support.
Proveho Networks User Security Awareness Program
Proveho's Proposition
Proveho Networks has partnered with leading security awareness delivery vendors to provide education and awareness service programs, that are consistent with the organisation’s culture, appropriate for cross functional user-groups and delivered in an engaging manner.
Proveho’s objective is simple; to make security education and training relevant, accessible and measurable, to influence user behavior and increase an organisation’s capability to manage risk and meet compliance obligations.
