67% of organizations report that employees have insufficient security awareness.
Fortinet’s 2024 Security Awareness and Training Global Research Report reveals that 67% of organizations are concerned about the lack of fundamental security awareness among employees. This percentage has increased from 56% in 2023. As a result, 94% of organizations plan to implement stricter cybersecurity policies for high-risk employees.
The key findings from the report include:
Amit Zimerman, Co-Founder and Chief Product Officer at Oasis Security, provides advice for organizations looking to enhance employee security awareness training.
“Regular employee training is crucial in combating modern threats, but it should go beyond traditional methods. Utilizing phishing simulators to simulate real-world attacks helps employees apply their training in dynamic environments and test their ability to identify and respond to threats effectively. However, education alone is not enough,” Zimerman explains. “IT security teams should establish robust identity and access management (IAM) frameworks with additional controls such as multi-factor authentication (MFA) to mitigate phishing attempts.
“Attackers are increasingly targeting vulnerable areas of the network, including non-human identities (NHIs) that govern machine-to-machine access and are crucial in cloud environments. NHIs now outnumber human identities in most organizations, making it essential to secure these non-human accounts, particularly in AI-heavy systems like Retrieval-Augmented Generation (RAG).
“To successfully integrate AI-driven security tools and automation, organizations should assess the effectiveness of these tools within their specific environments. Testing tools with real-world data helps ensure they provide actionable insights and uncover previously unnoticed threats. It may be necessary to update existing security frameworks, as older frameworks were not designed for AI environments. A flexible approach that allows for the continuous evolution of security policies is essential.”
