{"id":39203,"date":"2021-01-19T21:35:00","date_gmt":"2021-01-19T21:35:00","guid":{"rendered":"http:\/\/63e71269-11ce-4542-9fab-c57b55c5b11b"},"modified":"2021-01-19T21:35:00","modified_gmt":"2021-01-19T21:35:00","slug":"awareness-isnt-enough-its-time-for-security-leaders-to-change-behaviors","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/awareness-isnt-enough-its-time-for-security-leaders-to-change-behaviors\/","title":{"rendered":"Awareness isn\u2019t enough — it\u2019s time for security leaders to change behaviors"},"content":{"rendered":"
<\/div>\n

As 2021 gets underway, there has been significant elevation not only in the influence and importance of cybersecurity, but also in the human element of security. For example, human error is now recognized as a key contributor to the overall risk profile of an organization.  <\/p>\n

Unfortunately, as an industry, we’re still struggling to manage this risk.  <\/p>\n

Also: <\/strong>Best VPNs<\/strong><\/a> \u2022 Best security keys<\/a> \u2022 <\/strong>Best antivirus<\/strong><\/a><\/p>\n

For years now, CISOs have done a remarkable job of training users to understand security risks by purchasing solutions with extensive content libraries, administrative features, and assessments measuring all manner of user failures. But this focus on creating awareness falls short of changing long-lasting behavior. And CISOs know they need to shift focus to humans on the receiving end of these programs. Many are also acutely aware that organizations with strong security cultures have employees who are educated, enabled and enthusiastic about their personal cybersafety and that of their employer.  <\/p>\n

To move beyond perfunctory awareness and training programs to changing behavior and instilling a security culture (the ABC of security), you need to do the following: <\/p>\n