Build a Security Awareness and Training Program

Your weakest link is between the keyboard and the chair.

End users are either the intentional or the unintentional cause of security threats for your organization. They are one of the largest vulnerabilities organizations face today:

- They are easily manipulated through malicious activities.
- They are then exploited in order to:
  - Steal information or data
  - Cause disruption or sabotage to an organization

Organizations invest huge capital into technology-based security controls while, in the meantime, end users continue to be one of the weakest links.

- The average cost of a data breach due to human error was approximately $160 per record compromised. Source: Ponemon Institute, 2014 Cost of a Data Breach
- 19% of organizations found that the cost of a social engineering incident was more than $100,000. For organizations with more than 5,000 employees, this increased to 30%. Source: Ponemon Institute, 2014 Cost of a Data Breach
- Over 95% of all security incidents investigated recognized human error as a contributing factor. Source: IBM Security Services 2014 Cyber Security Intelligence Index
- 55% of companies indicated that they believe privileged users were the biggest internal threat to corporate data. Source: 2015 Vormetric Insider Threat Report

There are three main areas that security needs to focus on: technology, process, and people.

Most organizations are aware of these three areas; however, many focus purely on the technology and process aspects. The resources and budget spent on the people aspect of security pale in comparison to those spent on process and technology. For any organization to succeed with its technology- and process-related controls, its people need to be security aware and trained.

Develop your security awareness and training program using an agile methodology.
For the most effective results, apply the agile software development methodology to your security awareness and training program, focusing on the continual delivery of customized modules to staff in smaller portions.

Security policies are your foundation. For any security awareness and training to be effective it must