The Future of Security Awareness
Theo Zafirakos, CISO at Fortra's Terranova Security, on Modern Awareness Programs
Security awareness training programs are maturing as security teams recognize the need to secure the "human element" of cyber risk. But in the face of more sophisticated attacks using MFA bypass techniques, advanced persistent threats and generative AI, it's time for organizations to create more tailored education programs.
"Generative AI not only adds to the complexity in the terms of risks and threats like advanced social engineering, malware creation, scenarios that have been tailored to the audience - vishing over the phone, phishing their text with automated responses," said Theo Zafirakos, CISO at Fortra's Terranova Security. "Now we have to make our users be smarter than artificial intelligence and be able to detect a fake audio of the president asking you to do something."
Zafirakos advises cybersecurity organizations to partner with the business to promote a cyber-aware culture, not just one-off training. And the C-level needs to embrace the program for it to be truly effective. "We need to have proper ambassadors within the different departments that are not necessarily cybersecurity experts but understand cybersecurity and also understand the business," he said.
In this audio interview with Information Security Media Group, Zafirakos discussed:
- The state of cybersecurity awareness training and the sophisticated threats enterprises now face;
- Strategies for creating modern awareness programs and a culture of security;
- The latest training techniques for measuring success and benchmarking potential problems, such as the annual Gone Phishing survey by Fortra's Terranova Security.
Zafirakos is a CISO, trusted cybersecurity adviser and expert in security awareness strategy, governance, privacy and more. He works with security leaders worldwide to help identify, evaluate and manage security awareness strategies that align with their organizational objectives. He's responsible for internal cybersecurity policies and awareness initiatives at Fortra's Terranova Security and leads the professional services team in implementing and executing personalized security awareness training campaigns. He also helps organizations assess their security awareness training program's success with actionable metrics that facilitate long-term optimization and growth. Before joining Terranova Security, Zafirakos spent 20 years at Canadian National Railway, a leading North American transportation and logistics.