October is behind us, a big month for national security awareness campaigns across several countries. For many, campaigns like this offer the only security training people get during the entire year. But a campaign oriented approach like this has also a few limitations. You simply cannot frame all your company’s security training needs within one month. Campaigns cannot be arranged for each and every other month either. So, what should you do when October ends?
A famous thought leader in security, Bruce Schneier, popularised the term «people, process and technology» back in 1999. Our security strategy must cover all three areas, and this holds more true than ever. Technology still gets the most attention, and we still need to advance the people formula. I believe cyber security needs more empathy.