Information security awareness

Attackers have targeted and successfully exploited individuals' human behavior to breach corporate networks and critical infrastructure systems.

Targeted individuals who are unaware of information and threats may unknowingly circumvent traditional security controls and processes and enable a breach of the organization.

Cybersecurity as a business problem has dominated the agenda of most chief information officers (CIOs), exposing a need for countermeasures to today's cyber threat landscape.

One of the reasons researchers agree upon is that, at the pace at which information systems are evolving and expanding, security awareness programs for employees are falling far behind.

A more recent study, the Verizon Data Breach Investigations Report 2020, found similar patterns, with 30% of cyber security incidents involving internal actors within a company.

Although organizations have not adopted a standard way of providing the security awareness program, a good program should include awareness about data, network, user conduct, social media, use of mobile devices and WiFi, phishing emails, social engineering and different types of viruses and malware.

As of early 2015, CIOs rated information security awareness-related issues as top strategic priorities.

In addition, malicious traffic often goes unnoticed because attackers often spy on and mimic known behavior in order to avoid triggering any intrusion detection or access monitoring alerts.

Specifically, they measured "understanding about circumventing security protocols, disrupting the intended functions of systems or collecting valuable information, and not getting caught" (p. 38).

The researchers created a method that could distinguish between experts and novices by having people organize different security scenarios into groups.