Seemingly everyday a new vulnerability or malware appears in the news heralding a new threat. However, despite the rise in cyber vulnerabilities and malware, humans remain the primary vector through which organizations are attacked and compromised. Thus, one of the most effective ways to manage this risk is to conduct frequent security awareness training courses. Awareness training helps cybersecurity professionals better manage human risk by altering how employees think about cybersecurity and teaching them to carefully consider their behaviors. Indicators of a successful security awareness program include strong support from executive leadership, increased training team size, and a higher frequency of training sessions. According to Lance Spitzner, SANS security awareness director. “Humans rather than technology represent the greatest risk to organizations and the professionals who oversee security awareness programs are the key to effectively managing that risk.”

Whether your utility has a dedicated security awareness program or are just trying to keep up with reminders, the SANS 2022 Security Awareness Report: Human Risk Remains the Biggest Threat to Your Organization’s Cybersecurity is a must read. For even more timeless security awareness resources, review #8 – Create a Cybersecurity Culture in WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities. Read more at HelpNetSecurity or access the 2022 Security Awareness Report at SANS.