Malawareness, InfoSec 101 and security culture
We've spent an unusually busy February updating two key awareness modules.
The awareness module for March covers malware, including bank Trojans, ransomware, APTs, worms and more. We update the malware module annually, and it needs it: malware is a constantly evolving beast, so standing still implies falling back. In the same vein, the module looks forward at how the malware risks are likely to change in the years ahead, prompting a serious discussion with management about strategic options. In our considered opinion having researched the topic in some depth for the module, malware risks that are already serious are getting even worse. The trajectory is clear, with significant implications on the way organizations treat the risks.
The Information Security 101 module has been thoroughly refreshed and updated for use in new employee security orientation sessions, and in launching security awareness programs. Along with many other changes, we've introduced a checklist format for the module listing that we plan to adopt for the regular monthly modules in future, encouraging customers to skim quickly through the contents of the module on receipt and check-off the items they think are worth using.
Finally, we've tweaked our marketing a little to emphasize the social networking side of what we do - specifically, encouraging staff, managers and professionals to discuss information security among and between themselves, and actively building a network of information security contacts throughout the organization - as part of our effort to help customers establish a culture of security. While this innovative approach seems perfectly obvious and straightforward to us (and, to be honest, we've been quietly developing the theme for several years already), we believe it is a unique differentiator in the security awareness market.