Skip to main content

Einstein and Security Awareness

September 18, 2019

Confession: For six years, I told every middle school student who attended my math class that I was dating dear Albert Einstein (aka Albie). It’s true. There he was, the very embodiment of my love of math, immortalized in a 3’ x 5’ poster with his disheveled hair, wide eyes and Gene Simmons-like tongue sticking out, hanging on the back wall. My students thought I was crazy.

What’s not crazy, is how impactful this wonderful math can be when planning, building and running a security awareness training program that engages your end-users and produces the outcomes you are seeking. October is National Cybersecurity Awareness Month (NCSAM) and a great time to take a deeper look at the awareness in your organization. Let’s see how you can use metrics to improve your security awareness training program.

It is all about connecting

Correlations are a topic that you likely learned in middle school, whether you remember it or not. Since it was a while ago, here’s a refresher. A correlation is defined as a mutual relationship or connection between two or more things – where the trend points to a distinct affect one set has on another.

  • Positive Correlation: As one data set increases, the other increases.
  • Negative Correlation: One data set inversely affects the other. This means, as one increases, the other decreases. And vice versa.

See, that was painless, right?

The cybersecurity correlation

As technologies, cyber threats, workforce characteristics and operational landscapes evolve, so must the solutions to address them. As such, security awareness programs should be data-driven. They should be agile, dynamic and undergo on-going analysis to ensure they are purposeful in addressing end-user behaviors and not simply arbitrarily checking a box.

The emergence of actionable insights comes from the analysis of applicable data sets and their correlations. In a security awareness program, applicable data sets may include: survey results, course completions, policy acknowledgments, lunch and learn attendance and incident reporting metrics.

Consider this Scenario:

  1. Through an employee survey, you find that feelings of empowerment at work have a positive correlation to the number of correctly reported phishing simulations.
  2. Through data analysis, you find that as more people report phishing simulations, the number of successful malware incidents decrease.
  3. This would lead us to conclude that positive feelings of empowerment at work lead to fewer malware incidents for the company.
  4. The security awareness program leaders then start working with human resources and people managers on initiatives to increase the positive feelings of empowerment felt by their employees.

Security awareness programs are designed to educate end-users about cyber threats and what to do when they see them. If you’re looking for a real ROI, dive into the data. Allocate resources where your end-users need them. And if anyone questions you, stick out your tongue like my dear Albie and show them the math.

    Tiffany Franklin

By: Tiffany Franklin

See More

Related Blogs

May 29, 2019

Four Ways to Reduce Identity and Data Risks in a Digital Economy

The use of stolen credentials ranks as one of the most commonly seen aspects of cybersecurity incidents, and loss of unencrypted data is one of the mo...

See Details

May 22, 2019

Modernise your Privileged Access Security

Privileged Access Security should not be viewed mainly as the implementation of a PAS or PAM technology and augmented (or integrated) with other third...

See Details

April 17, 2019

MythBusters: Debunking Five Common Identity and Data Management Myths

Debunking common myths about IDM. Examples: too expensive and complex; current IT teams can't support IDM evolution; custom is better; company data/IP...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cybersecurity Events in your area.