Implement Role-Relevant Cybersecurity Training For Your Clients

81 percent of organizations have experienced malware, phishing and password attacks in the past year alone. Help your clients strengthen their security postures with Fortinet's Role-relevant Security Awareness and Training Service.

November 7, 2023 | Author: Allison Bergamo

To build a strong security culture within your clients’ organizations, it's crucial to consider the role of their employees. According to Fortinet’s global research brief on 2023 Security and Awareness Training, a staggering 81 percent of organizations have experienced malware, phishing and password attacks in the past year alone. Many of these attacks were specifically targeted at users. Research from Gartner also found that in 2022, 82 percent of data breaches occurred due to insecure or inadvertent employee behavior.

Training and educating employees on security best practices is paramount in protecting your clients’ sensitive information. However, for cybersecurity training to be effective, security leaders must consider the human element of cyber risk. According to the Gartner survey, employees continue to participate in insecure practices, such as using the same password for multiple accounts or opening emails from unknown sources on work devices, despite being aware of the dangers.

Design Role-relevant Cybersecurity Learning Experiences

The gap between cyber awareness and actual human behavior can influence the success of your efforts to build a strong security culture. Gartner recommends that security leaders pivot from offering one-size-fits-all cybersecurity training to providing “role-relevant” training.

“Cybersecurity training continues to be relevant and valuable to raise security awareness across the organization. Rather than presenting generic, theoretical examples, CISOs should redesign learning modules to be role-relevant reflections of real-world scenarios to improve engagement and value,” Gartner noted in the report.

When it comes to training employees on decision-making skills, it's important to make it relevant to their day-to-day job responsibilities. One effective way is by presenting them with scenarios that have multiple correct solutions, as real-life situations are often complex and rarely black and white. Another approach is to provide a "choose your own path" style of training, where subsequent questions are based on the employee's previous responses. This method allows employees to see the impact of their choices and make adjustments as needed. Here are some tips to keep in mind:

1. Customize questions and scenarios to align with the employee's job role.

2. Provide scenarios with multiple correct solutions to reflect the complexity of real-life situations.

3. Consider a "choose your own path" approach to training, where subsequent questions are tailored based on the employee's previous responses.

Fortinet security experts can help you design and deploy cybersecurity training that is tailored to your clients’ needs. Our Security Awareness and Training Service is a SaaS-based offering that helps IT, security and compliance leaders build a cyber-aware culture where employees recognize and avoid falling victim to cyberattacks. We also offer FortiPhish—a phishing simulation service that tests your clients’ employees against real-world phishing techniques based on the latest research by FortiGuard Labs.

Discover Fortinet's cybersecurity training and certification programs here.

 
