Table of Contents
- Summary
- Market Categories and Deployment Types
- Key Criteria Comparison
- GigaOm Radar
- Vendor Insights
- Analyst’s Take
- Methodology
- About Jamal Bihya
- About GigaOm
- Copyright
1. Summary
Designing a defense strategy against cyber threats for systems, networks, and data that focuses only on technologies does not guarantee an organization’s information assets will be protected. Neglecting the risk associated with the human factor for securing the company’s perimeter is an oversight that sooner or later will be exploited by cybercriminals. The statistics prove it. The majority of successful cyberattacks are made possible by accidental human failure, often due to a person’s lack of vigilance, ignorance of the issues and risks related to certain behaviors, or a lack of commitment to contributing to the defense of the organization’s security.
The question that arises, therefore, is how to make employees themselves a firewall against cyberthreats. The answer involves the systematization of awareness and training in security concerns for all company employees.
This is nothing new because security awareness and training (SA&T) programs have been around for a relatively long time in the IT world. And yet attacks exploiting human vulnerability continue to succeed.
Why? The battle to capture the very fragmented attention of employees during training is ongoing. The challenge is no longer just about the content of SA&T programs but increasingly about the mechanisms, methods, and means of delivering the content in such a way that it is impressed on the mind of each employee. The goal is to both change the organizational culture toward security and to impact employee behavior to support it.
The market’s response to this challenge comes from companies that were already specialized in the training of cybersecurity experts or from young and innovative offshoots that were launched specifically to address the need for SA&T in organizations.
The notable difference between the two types of SA&T providers lies in the way they approach the issue. Those already involved in training tend to concentrate on the breadth and richness of the cybersecurity library content, while those newer to the SA&T field focus more on how that content is delivered, with the clear and stated goal of having an observable and measurable impact on individual behaviors and enterprise cultural changes. To do this, these providers use psychological concepts governing the mechanisms of behavior change in humans coupled with innovative pedagogical concepts. SA&T subjects are delivered in micro and nano capsules dealing with a particular point or by resorting to audiovisual or gamification techniques from the world of entertainment.
Clearly, both content and delivery are important, so the choice of an SA&T product should consider not only the richness and continuous renewal of the cybersecurity library content but also the methods, means, and format of delivering of security topics.
This GigaOm Radar report highlights key SA&T vendors and equips IT decision-makers with the information needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report “Key Criteria for Evaluating Security Awareness and Training Solutions,” we describe in more detail the capabilities and metrics that are used to evaluate vendors in this market.
How to Read this Report
This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:
Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.
GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.
Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.