Fortinet’s 2024 Security Awareness and Training Global Research Report reveals 67% of organizations are concerned that employees lack fundamental security awareness. This percentage has increased since 2023, when 56% expressed concerns with employee security awareness. Perhaps as a result, 94% of organizations want to implement more stringent cybersecurity policies for high-risk employees.
Key findings from the report include:
Amit Zimerman, Co-Founder and Chief Product Officer at Oasis Security, offers the following advice for organizations seeking to improve employee security awareness training.
“Regular employee training remains essential in combating today’s threats, however, training must evolve beyond static lessons. Incorporating phishing simulators to mimic real-world attacks enables employees to apply their training in dynamic environments, testing their ability to recognize and respond to threats effectively. However, education alone isn’t sufficient,” Zimerman asserts. “IT security teams must implement strong identity and access management (IAM) frameworks with compensating controls like multi-factor authentication (MFA) to mitigate phishing attempts.
“Attackers are increasingly looking at weaker parts of the perimeter, such as non-human identities (NHIs), which control machine-to-machine access and are increasingly critical in cloud environments. NHIs now outnumber human identities in most organizations, and securing these non-human accounts is vital, especially in AI-heavy architectures like Retrieval-Augmented Generation (RAG) systems.
“To successfully integrate AI-enabled security tools and automation, organizations should start by evaluating the effectiveness of these tools in their specific contexts. Teams should test tools against real-world data to ensure they provide actionable insights and surface previously unseen threats. Existing security frameworks may need to be updated, as older frameworks were designed for non-AI environments. A flexible approach that allows for the continuous evolution of security policies is critical.”