Thursday 27 September 2018

From weariness via wariness to awareness

Weary of the same old stuff, day after day?  Wary of over-blown threats, confusing security controls and crude "Do it or else!" compliance demands blasted out repeatedly and loudly in the vain hope some might just stick?

Us too! Those are common issues in awareness and training, betraying a lack of appreciation and respect for the audience. We can do better. 

No really, we must.

Awareness and training leading to understanding and genuine support for security is our way. We take the trouble to pick apart complex issues such as phishing and pharming, explaining them straightforwardly with plenty of diagrams and examples to inform, engage and motivate three distinct audiences. We spend at least as much time exploring the broader context to the issues, explaining why they are of concern, as we do telling people how to respond, what to do and not to do. We are addressing intelligent adults through soundly researched content, professionally crafted for this specific purpose.

There's more to this than meets the eye. More Haynes manuals and exploded parts diagrams than childish cartoons or death-by-PowerPoint bullet points.

Our innovative approach to security awareness shines through topics such as phishing. Social engineers, identity thieves and other fraudsters are actively innovating, constantly on the lookout for new tricks to phool even wary victims. We can only get so far by talking about previous and current attacks because there's something new on the way tomorrow or the day after. Future-proofing requires a deeper appreciation of our adversaries' motivation and techniques ... which is part of the awareness challenge. 'Think like a phisher' is much easier said than done. On top of that, we must remain ethical, steering well clear of accidentally encouraging people to become phishers!

Right there is an example of an information risk that few organizations even consider - not so much inept awareness and training as the possibility of phishing being committed by insiders against their colleagues and employer. Having covered insider threats and outsider threats in the previous two months, we have laid the foundation to take things up a level in October's awareness module.

Enough blogging: must dash. I have to 'revalidate my login' to avoid losing my email account, again ... 
