Reading Time: ~3 min.
In a
recent report by the firm 451 Research, 62% of SMBs reported having a
security awareness training program in place for their employees, with half
being “homegrown” training courses. The report also found that most
complained their programs were difficult to implement, track, and manage.
Like those weights in the garage you’ve been meaning to lift
or the foreign language textbook you’ve been meaning to study, even our most
well-intentioned efforts flounder if we’re not willing to put to use the tools
that can help us achieve our goals.
So it goes with cybersecurity training. If it’s cumbersome
to deploy and manage, or isn’t able to clearly display its benefits, it will be
cast aside like so many barbells and Spanish-language dictionaries. But
unfortunately, until now, centralized management and streamlined workflows
across client sites have eluded the security awareness training industry.
The Importance of Effective Security Awareness Training
The effectiveness of end user cybersecurity training in
preventing data breaches and downtime has been demonstrated repeatedly.
Webroot’s own research found security
awareness training cut clicks on phishing links by 70 percent, when
delivered with regularity. And according to the 2018 Data Breach
Investigation Report by Verizon, 93 percent of all breaches were the result
of social engineering attacks like phishing.
With the average cost of a breach at around $3.62
million, low-overhead and effective solutions should be in high demand. But
while 76 percent of MSPs reported using some type of security awareness tool,
many still rely on in-house solutions that are siloed from the rest of their
cybersecurity monitoring and reporting.
“MSPs should consider security awareness training from
vendors with cybersecurity focus and expertise, and who have deep visibility
and insights into the changing threat landscape,” says 451 Research Senior
Analyst Aaron Sherrill.
“Ideally, training should be integrated into the
overall security services delivery platform to provide a unified and cohesive
approach for greater efficacy.”
Simple Security Training is Effective Security Training
Security awareness training that integrates with other
cybersecurity solutions—like DNS and endpoint
protection—is a good first step in making sure the material isn’t brushed aside
like other implements of our best intentions.
Global management of security awareness training—the ability
to initiate, monitor, and report on the effectiveness of these programs from a
single pane of glass across all of your customers —is the next.
When MSPs can save time by say, rolling out a simulated
phishing campaign or training course to one, many or allclient’s sites across
the globe with only a few clicks, they both save time and money in management
overhead, and are more likely to offer it as a service to their clients.
Everyone wins.
With a console that delivers intuitive monitoring of
click-through rates for phishing campaigns or completion rates for courses like
compliance training, across all client sites, management is simplified. And
easily exportable phishing and campaign reports help drive home a client’s
progress.
“Automation and orchestration are the force multipliers MSPs
need to keep up with today’s threats and provide the best service possible to
their clients,” says Webroot SVP of Product Strategy and Technology Alliances
Chad Bacher.”
So as a growing number of MSPs begin to offer security
awareness training as a part of their bundled services, and more small and
medium-sized businesses are convinced of its necessity, choosing a product
that’s easy to implement and manage becomes key.
Otherwise, the tool that could save a business from a breach
becomes just another cob-webbed weight bench waiting for its day.
To learn about
security training that’s effective, efficient, and easy to use, read about our new Webroot® Security Awareness Training release.
The post Why Simplified Security Awareness Training Matters for MSPs and SMBs appeared first on Webroot Blog.