As a former U.S. Naval officer, Bruce Beam says corporate security training would benefit from adopting the military notion that you fight like you train.
In other words, he says, all employees need to be trained to combat the range of attacks they’ll likely face; all workers should be practiced in how to spot and respond to those threats. That way, when they’re face to face with the real thing, they can fight back just as they learned to do.
“We’ve got to impress on them how really important it is to be prepared,” says Beam, CIO for (ISC)², a nonprofit organization specializing in training and certification for cybersecurity professionals.
A prepared response to threats is the goal of security training programs, but data says organizations are falling short when it comes to getting their workers prepped for battle.
CSO’s 2020 Security Priorities research shows that 36% of security incidents stem from non-malicious user error, such as falling victim to a phishing scam or unknowingly violating security policy, while 27% of survey respondents say their organization provides inadequate security training for users.