Is it time to blame the messenger for security training failures?

People in your organisation are probably sharing passwords, using unauthorised devices and applications to access corporate data, and unauthorised cloud stores for good measure. Some won’t know this breaches company security policy, others will and won’t care. Some of the perpetrators will be on the shop floor, others around the boardroom table; this wilful disregard for secure best practice knows no pay grade boundary. Truth be told, the chances are high that people just don’t care about your carefully considered ‘security posture’ or really give one, let alone two, hoots for the day-to-day security message on a personal level whether it’s out in the field or up the executive level. Security-TrainingNow that you’ve read that admittedly somewhat ‘paint it black’ introductory paragraph, I urge you to go back and read it again.