Do “cybersecurity awareness” campaigns have an actual impact on your organization?
We are still having the same conversations that we had 10 years ago. As a professional in the security organization, it starts with taking accountability and ownership. We are past a point in time where awareness is even acceptable. We need engagement, ownership, and accountability because we already know that the actors understand how to leverage architecture in a way that's much more advanced than what we demonstrate with consistent adherence as industry practitioners. It's almost like when we get to a security awareness October each year, it's the same conversations we had the year before. As leaders in the industry, we should say, "Enough's enough—this year we're going to target X, Y, and Z."
When I was in the Health-ISAC several years ago, as leaders in the industry, we said, "For all the members in this group, we're going to attack DMARC. You're going to hit your target, update your controls and your configuration around email management practices, and we're going to address consistency in this area." That's what we have to do as security professionals to set a path.
Cybersecurity awareness is interesting, because as much as you read and hear about cybersecurity, there is always a gap in terms of taking it seriously, applying it in your day-to-day job, and making sure that it's always a background consideration. That's how we get into all the ongoing cybersecurity issues that we see every day.
These have been very helpful for us and they certainly help. As an organization, we have seen a dramatic decrease in successful phishing attacks after running cybersecurity awareness campaigns.
In a general sense, October as cybersecurity month reminds a lot of companies to run awareness campaigns that remind their employees to be vigilant, not click on email links from unknown senders, etc. Over the years this has been perhaps less effective as the threat actors adapted new, more sophisticated methods, but in my opinion humans (employees) are still the weakest link, so cybersecurity awareness campaigns are beneficial.