Information Security Awareness - It's Time We Know What Works
Unfortunately, making such an assertion is much harder than it sounds: simply identify a cyber security awareness slogan, icon, or training methodology that permeates the airwaves, cuts through today’s online clutter, and results in a workforce that doesn’t fall for phishing emails, understands that financial institutions will never email requests for account owners’ passwords, and is conscientious in applying the latest operating system and client-side application software patches. Just as importantly, we must know why the slogan is effective and why it is able to get consumers and employees to modify their thinking and behavior.
Without understanding “why” a particular awareness campaign works, the information industry will not be prepared for when the next generation of cybercrime and malware is effective on the next generation of Netizens. For this reason, research into cyber security awareness campaign effectiveness is paramount.
Forty years before the personal computer was born, the Advertising Council created the advertising mascot/ icon Smokey Bear (who is, often, incorrectly called Smokey the Bear) to educate Americans about the dangers of forest fires and wildfires. Per the Ad Council, 95% of adults recognize Smokey Bear and his slogan, “Remember… Only YOU Can Prevent Forest Fires”; however, I am unaware of any research and measure of effectiveness that emphatically concludes the U.S. National Park Service’s investment in the Smokey Bear advertising campaign has reduced the number of forest fires or wildfires. This is not to say that our beloved Smokey Bear campaign is not worthwhile. It is just that everyone is extremely cost conscientious and measuring an advertising campaign’s return on investment (and then investing only in effective campaigns) is a necessary evil; however, it implies a correlation between a message or training and something that doesn’t happen. And this “proving of a negative” will also be an issue in an effectiveness measure of just about every cyber security awareness campaign: we might be able to determine why a consumer clicks on a link but will we be able to determine which catchy slogan or training tidbit caused someone not to open a malicious attachment?
Today's Threat Landscape Requires Adaptive Security
Staying Abreast of Application Development and Delivery
How to Ensure Information Security when Outsourcing Your Projects
This Is How Your Computer Gets Hacked!
By Tom Farrah, CIO & SVP, Dr Pepper Snapple Group
By George Evans, CIO, Singing River Health System
By John Kamin, EVP and CIO, Old National Bancorp
By Phil Jordan, CIO, Telefonica
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
By Dennis Hodges, CIO, Inteva Products
By Bill Krivoshik, SVP & CIO, Time Warner Inc.
By Gregory Morrison, SVP & CIO, Cox Enterprises
By Alberto Ruocco, CIO, American Electric Power
By Sam Lamonica, CIO & VP Information Systems, Rosendin...
By Sven Gerjets, SVP-IT, DIRECTV
By Marie Blake, EVP & CCO, BankUnited
By Lowell Gilvin, Chief Process Officer, Jabil
By Walter Carvalho, VP & Corporate CIO, Carnival Corporation
By Mary Alice Annecharico, SVP & CIO, Henry Ford Health System
By Bernd Schlotter, President of Services, Unify
By Bob Fecteau, CIO, SAIC
By Jason Alan Snyder, CTO, Momentum Worldwide
By Jim Whitehurst, CEO, Red Hat
By Marc Jones, Distinguished Engineer, IBM Cloud Infrastructure