b'BUSINESS MANAGEMENTHOW SECURITY AWARENESS TRAINING IS EVOLVINGby: Drew RobbSHRM.org H Rdepartmentswereoncepercent of all social engineering attacks involve blissfullydivorcedfrompretextingresearching the intended phishing cybersecurityresponsibilities victim prior to launching an attack (such as reading but not anymore. Today, they aretheir social media posts to glean background increasinglyinvolvedincyber- information on their job, family, lifestyle and habits). training programs for employees.Businesses have realized that no matter how much Security awareness training, in particular, has risenthey spend on cybersecurity, their employees and from obscurity a decade ago and is now a hugesuppliers remain their weakest link. If they keep industry. According to Cybersecurity Ventures, thefalling prey to phishing scams via emails, then security awareness training market is worth $5.6the bad guys can gain access to the network and billion in 2023 and is expected to almost doublelaunch a ransomware attack.in value by 2027 to over $10 billion. Given that it is impossible to prevent all attacks The driver of this trend has been the relentlessautomatically, we need to make humans part phishing campaigns of cybercriminals. This yearsof our firewall, said Jamal Bihya, an analyst at installment of the annual Verizon Data Breachtechnology research firm GigaOM in San Francisco. Investigations Report (DBIR) found that 74 percentAwareness training enables the mitigation of of data breaches involved a human element, withhuman risk when sitting in front of a computer.phishing (a.k.a. social engineering) being one of the most prevalent attack vectors. In addition, 50Continued on page 2524 www.mrca.orgMidwest Roofer'