Some of security's toughest nuts to crack are the vulnerabilities introduced by the human element. Users are duped by phishers every day. IT operations staff configure infrastructure insecurely over and over again. Developers repeatedly write code in the same insecure fashion. Executives are tricked by business email compromises into wiring large sums of money directly to crooks. And IT security staff are asked to carry out near-impossible feats of digital protection because they themselves are poorly trained to set up the tools and practices they need to keep up with attackers.
Clearly something has got to give. Security pundits agree that if organizations are going to make a real dent in cyber-risk, they need to start taking security training to the next level. Here are six suggestions for moving beyond generic annual awareness training and truly increasing cybersecurity IQ across the entire organization.