The Importance of Security Awareness Training: Cultivating a Culture of Questioning

Tim Bixley

Despite the rapidly evolving cyber threat landscape, security awareness training is often perceived as a compliance ‘tick box’. However, it should be viewed as a critical, ongoing commitment by businesses to protect their assets and data. One of the most effective ways to enhance security awareness is by fostering a culture of questioning within your team.

Why security awareness training is essential

• Increasing cyber threats: The sophistication of cyber-attacks is accelerating, making it imperative for employees to have ongoing vigilance (1).
• Human error: Over 80% of security breaches are due to human error. Effective training plays a critical role in mitigating this risk (2).
• Regulatory compliance: Many industries and cyber insurers have regulatory requirements that mandate security training.

The power of a ‘questioning culture’

Encouraging employees to question suspicious activity can greatly enhance a business’s security posture. This culture needs to be ingrained and supported by leadership.

Real-world scenario

Imagine receiving an email from your ‘boss’ asking you to purchase something urgently. Your instinct might be to action immediately. However, taking a moment to clarify the request– especially if it seems unusual – could prevent potential fraud. Instead of recognising your vigilance, your boss questions your competence and gets frustrated with you. How likely are you to ask a similar question in the future?

Challenges to overcome

• Lack of Awareness: Without adequate training, employees might not recognise the signs of phishing or other cyber threats.
• Asking the ‘dumb’ questions: Employees may avoid asking questions out of concern that they might appear foolish or uninformed.
• Fear of repercussion: Employees might fear negative consequences if they question directives from leadership.

The emergence of audio and video deep fake impersonation

Advanced technologies like deepfake audio and video are making it harder to distinguish genuine communications from fraudulent ones.

• Deep fake calls: Cybercriminals can now use AI to mimic the voices of executive leaders over a phone call.
• Video impersonation: Fake videos can be created to deceive employees into taking harmful actions.

These sophisticated attacks underscore the need for a questioning culture more than ever.

Building a Culture of Questioning

To cultivate this culture, leaders need to:

• Lead by example: Model questioning behaviour and openly appreciate it.
• Recognise and reward vigilance: Acknowledge and reward employees who demonstrate proactive questioning.
• Allocate resources: Ensure adequate resources are available for comprehensive security training, such as when onboarding new employees.
• Provide ongoing testing and training: Regular training sessions and phishing testing to keep employees informed about the latest threats is essential.

Security awareness training is crucial in today's digital landscape, especially with the rise of advanced cyber threats. By fostering a culture of questioning, businesses can empower their employees to act as the first line of defence against cyber-attacks. Leaders play a pivotal role in this transformation, ensuring that security becomes an integral part of your company's ethos.

Invest in your business security future today by prioritising continuous training and cultivating a culture of questioning.

1. Cyber security trends: Looking over the horizon
2. Stanford Research:88% Of Data Breaches Are Caused by Human Error
3. What Is Deepfake: AI Endangering Your Cybersecurity?