On 22nd April, Metacompliance showcased its compliance and security awareness training software at "Building Cyber Security and Resilience in a Digital World" in Manchester, UK.
Hosted by iNetwork, an organization that strives to help local public service organizations innovate and provide support to their users, patients, and communities, this year's Info Sec Conference provided an excellent opportunity for entities in the public sector to come together and discuss shared issues and challenges in information security.
MetaCompliance talked with attendees about a variety of topics at April's conference. In particular, how security awareness can respond to the evolving threat landscape.
"One of the recurring comments I heard at iNetwork Info Sec Conference 2016 was that with the increasing number and sophistication of cyber attacks, it’s inevitable you will get attacked," recalls Khalif Mahmood, business development manager at MetaCompliance. "It’s a matter of when, not if, you will get attacked, which means organizations need to make sure they have things in place to protect themselves and their customers' data."
Companies need to make sure they have appropriate solutions and tools in place that can detect anomalous behaviour in their endpoints and help fortify their network perimeters.
To aid this effort, they should invest in security awareness education for their employees. While uninformed users can pose a major threat to organizations' digital security, educated users can effectively help defend the organization against threats at the front lines. By being able to identify a phishing attack, for instance, they can block certain threats from getting in and/or limit the impact of a threat that gets past the organization's network defences.
Unfortunately, an uninformed or reticent Board of Directors can stand in organizations' way, a point which Carey Harding, an information security awareness consultant for MetaCompliance, readily observed at the iNetwork event.
"The biggest focus from both the speakers' and the delegates' perspectives was the obstacle of 'top-level buy-in' and how security personnel could overcome that challenge moving forward," he explains.
One way to approach that obstacle is to cultivate the security awareness training within an organization's Board of Directors. For instance, Mahmood told attendees they could use MetaPhish, MetaCompliance's simulated phishing solution, to evaluate the phishing awareness of their organizations' employees. They could then report those results to senior executives, explain to them the business risk of a successful phish, and explain how ongoing security awareness training could reduce that risk.
For an organization to adequately protect itself in this day and age, employees and senior executives alike must be able to spot digital threats and comply with corporate policies. Companies can try to teach their workforce about digital security and corporate compliance, or they can have an off-the-shelf eLearning solution implemented in a fraction of the time.
Interested in learning more about how eLearning can satisfy your organization's compliance and information security needs? Then contact the MetaCompliance team today.