Compliance focus, too much security expertise hurts awareness programs
Security awareness teams aren’t getting the support they need to be successful, according to the SANS Institute. But some unexpected factors can cause programs to fail as well, including a focus on compliance — and too much security expertise on the team.
“Most organizations actually have a security awareness program,” said Lance Spitzner, director of the Securing the Human Program at the SANS Institute, looking back at what the industry learned in 2016. “Yet we continue to have problems.”