Enlisting Employees to Fight Cyber Threats

With another Cybersecurity Awareness Month behind us, this is the perfect time to kick off or refresh a security awareness and training program for employees. The more that non-technical employees know about security issues, the better they can recognize, report, and even prevent threats.

Comprehensive security training is a great way for organizations to enlist employees in the fight against cyber threats. At the same time, such training is highly valued by cybersecurity teams, which appreciate having knowledgeable individuals who support their own expertise.

Year-Round Training

Most organizations rely too heavily on their cybersecurity pros to protect them from threats, ignoring the painful reality that human error is by far the most common cause of security breaches.

IBM has found that human error is the cause of up to 95 percent of cybersecurity breaches, and estimates that a data breach costs a company $4.24 million per incident on average.

Human error can be drastically reduced by raising all employees’ awareness of cybersecurity issues. The most effective way to do that is using year-round training. Regular training courses, offering theory-based and hands-on learning, are essential so employees can gain and keep knowledge. Occasional training simply doesn’t help employees to develop tangible cyber skills.

Go Beyond Basic Training

In too many cases, organizations expose employees to pretty much the same basic content each October, presenting such topics as ‘how to spot a phishing email,’ ‘understanding malware and ransomware,’ and ‘the dangers of opening unknown attachments.’

While conventional security awareness offerings, such as simulated phishing and video-based training, are important and useful, an over-reliance on them does a profound injustice to the cybersecurity curiosity of employees — curiosity that is best approached through hands-on training. 

Offering cybersecurity training across all departments makes a lot of sense given the sophisticated, multi-pronged attack methodologies used by cyber criminals. 

In general, cross-trained people in DevOps, IT, and other departments can greatly enhance an organization’s overall security culture. 

Employee Hands-on Training Is Not Difficult

There are plenty of resources (including free ones) that cybersecurity practitioners can use to expose interested employees to security concepts in action.

A good way to proceed is to create an outline that covers basic cybersecurity terminology and concepts, includes an overview of the threat landscape and threat actors, and then delves into the nuts and bolts of cybersecurity, security operations, digital forensics, data analysis, and so on.

Ideally, the security team should present employees with several comprehensive modules offering theory-based and hands-on learning. This process can elevate cybersecurity literacy cross-functionally throughout an organization.

Day in the Life of the SOC

Additionally, cybersecurity teams can host a tour of the security operations center (SOC), or even a more hands-on day in the life of the SOC. The day visit should be built around modules and challenges that present real IT infrastructure, real threats, and real solutions.

The goal of the visit should be to inspire new cybersecurity advocates cross-functionally and to identify hidden talent ideal for a SOC Analyst position.

As skills are developed over time, Cybersecurity Awareness Month can be used to host more interactive cybersecurity exercises typically reserved for cyber practitioners. This is a great way to build gamification, team accomplishment, and individual recognition into a cybersecurity culture that all employees can understand and value.


To combat constant cybersecurity threats, reduce human error, and cut the punitive costs of breaches, organizations need to provide all employees with advanced, year-round training. Cybersecurity advocates throughout the company are the best defense against threat actors.

Written By

Jeff Orloff is Vice President of Products and Technical Services at RangeForce, a cybersecurity training company. He has over ten years of experience in cybersecurity, computer and network security and system administration. Prior to RangeForce, he was Director of Product Management and UX at COFENSE, a company specializing in email security, phishing detection and response. He also served as Technology Coordinator for the Palm Beach County Florida School District.
