In 2023, the Awareness subtask team, within the GN5-1 Security Work Package 8, Task 2 Human Factor (WP8 T2), conducted a survey on the status of cybersecurity awareness within the National Research and Education Networks participating in the project; 25 organisations took part in the survey: 24 NRENs plus GÉANT.
Security awareness relates to the measure in which employees are aware of cyber threats and know what they can do to mitigate these risks.
Main findings
- The majority of surveyed NRENs consider the “human factor” to be a key element of cybersecurity and are actively taking actions to train their employees. However, the survey revealed that the maturity of NRENs’ security awareness programmes varies widely.
- How NRENs approach their security awareness programmes also varies. Where some rely on ad- hoc actions for a general audience, others already have a risk-based approach involving tailored strategies for different target audiences.
- The channels used also vary widely, ranging from classic training methods to awareness games.
- Most NRENs have limited resources for internal security awareness, with only a few with a dedicated full-time employee to tackle this challenge.
- Most employees dedicated to internal awareness are part of the security or CERT teams within their organisation and coordinate awareness activities with other departments such as marketing and communication.
With regards to external awareness activities, most NRENs help their communities to tackle security challenges by providing them with communication materials and e-learning, and by organising security events, conferences, etc. The same variation in maturity levels identified for the internal awareness is also evident in external initiatives.
Next steps
The Awareness subtask will continue to work towards its objective of helping NRENs set up and improve their awareness programmes in order to strengthen their resilience against security incidents and cybercrime, tailoring its support to meet the different and diverse needs and capabilities of the GÉANT community.
In previous iterations of the GÉANT project, a wealth of ready-to-use security materials was developed, selected gathered and stored, and the Awareness subtask within GN5-1 WP8 T2 plans to build on this content to enable NRENs to have easy access to such material according to their specific cybersecurity requirements. A repository with all the available awareness materials will be available in the course of 2024.
More information
Download the report with all results of the survey: “Status of Cybersecurity Awareness within National Research and Education Networks”
For further information about this initiative, please get in touch with the Awareness subtask team.
