Security awareness training is one of the most critical security requirements for an organization of any size to consider implementing within its environment. Arguably, the greatest risk faced by any organization is the danger of insider threat, as employees can be considered a weak link in the chain: they are susceptible to curiosity, greed, envy, etc. Further increasing that risk, employees may be faced with social engineering attacks including phishing, baiting, spear phishing, tailgating, scareware, pretexting, quid pro quo, etc. To combat these risks, a strong security awareness training program can be leveraged to properly inform employees of the security risks they may be presented with in the workplace and of how to properly observe, defend against, and report any suspected malicious activity.
Simply speaking, there is more to cybersecurity than computers and how they work, which includes how your network is set up or even how your firewall is configured, etc. Within cybersecurity there is actually a heavy emphasis on people, as they interact directly with data within the organization. These people (employees) can have duties such as maintaining computers, configuring computers, helping others with computer problems, etc., and they tend not to be as rational as computers, since they can be swayed by emotion. This human factor is what social engineering attacks attempt to exploit to achieve whatever malicious goal may be present. In many serious cases, this can result in an attacker gaining access to systems for which they would not normally be authorized.