Report: Software security awareness training is at an all-time low

Black Duck has released its annual Building Security In Maturity Model (BSIMM) report, investigating how different sectors (including financial services, healthcare, IoT and technology) are addressing modern software security challenges. This report considers software security practices from more than 120 organizations and represents the work of 11,100 security professionals, who are supporting a total of 270,000 developers and protecting 96,000 applications. 

100% of the organizations in the 2008 BSIMM report conducted software security awareness training. However, the most recent report found that only 51.2% of organizations offer basic security training, the lowest rate observed to date.

Patrick Tiquet, Vice President, Security & Architecture at Keeper Security, remarks, “Ongoing training and education on cybersecurity is essential for all organizations — and this should always encompass leadership. Implementing simulated phishing attacks enables employees at all levels to identify and respond to real threats promptly. Additionally, staying informed about the latest tactics and trends is crucial for equipping employees with the knowledge to recognize potential threats. Leaders, positioned as key cybersecurity advocates within the organization, play a vital role in ensuring they and their teams receive timely and relevant information.

“In addition to strengthening password policies, organizations must prioritize education and awareness initiatives to ensure that employees understand and follow cybersecurity best practices. This includes educating them about common password mistakes, such as using easily guessable passwords or reusing passwords across multiple accounts. Again, regular training and simulated phishing exercises can help reinforce best practices and identify areas of concern.”
