Recent data finds that cybersecurity is suffering from complexity. It’s the opposite of a lack of tools to use. There are too many tools and only about ⅔ of cybersecurity tools are fully deployed at companies. 42% of cybersecurity tools overlap 😱😱. And, the problem is only going to get worse as at least ¾ of companies are increasing spending on cybersecurity.

Security awareness is a niche within cybersecurity that is suffering the same fate as the broader market. Companies are buying multiple tools for training, phishing, event-driven training, and human risk. These tools need to be integrated with LMSs, HRISs, and sometimes auth systems. What is often missed is the goal of security awareness - namely to reduce the risk from human actions and behaviors.

Why keep cybersecurity simple?

There are a few reasons why it is helpful to keep cybersecurity and security awareness simple. One reason is that simplicity makes things easier to understand and remember for everybody. When something is simple, it is less likely to be confusing or overwhelming, which can make it easier for people to process and retain the information. Don’t add complexity, add more touchpoints.

Additionally, simplicity can also make infosec more efficient and effective. When something is simple, it usually takes less time and effort to accomplish, which can be especially important in situations where time and resources are limited. This also has huge implications for transitions in work and onboarding.

Finally, simplicity can also create a sense of clarity and focus, which can help people to stay on track and avoid getting sidetracked by unnecessary details or distractions or topics. Instead of having 10 dashboards and a bunch of related but not-quite-mapped metrics, give managers and admins less things to track and improve. Instead of pushing 15 security awareness topics at all employees, focus on the top 3-5 that result in 95+% of security incidents.

A simple, powerful approach to security awareness and human risk

Instead of buying more tools to measure human risk or more content to deliver the same message annually but in a different way or another phishing simulator, double down on connecting security to employees. It does not need to be hard or complex. The connection just needs to be consistent and continuous.

Set a goal of connecting to all employees with relevant, high value security awareness topics at least once per week. This can be an email or a Slack message. Don’t overproduce it by doing crazy videos or content that requires a lot of time to create and distribute.

By focusing on connection, security teams build bridges from employees to best practices and a security mindset.

—-

Haekka was built for simplicity. Haekka connects security to employees year round, giving security teams the tools they need to engage employees and giving employees a delightful, continuous security awareness experience in the tools they already use today.

‍