intelligence to the deployer. Another challenge is that during practice it doesn’t always work out that way. According to study attackers with penetration testers knows about deception technology and they have bussed out when something looks fishy.
Awareness Awareness is one of the key principles of information security. It seeks to understand and enhance human risk behaviour and beliefs about information security at large. Awareness helps in understanding the organizational culture as a countermeasure to rapidly evolving threats. Onyeji, Bazilian & Bronk (2014) states that information security awareness focuses mainly on raising consciousness regarding potential risks of the rapidly evolving forms of information and the evolving threats to the information which targets human behaviour. EnergyA company can use Awareness to control cyber threads because threats have matured and also information has increased in values. Due to the increase in information, also attackers have increased their capabilities and they have come up with more attack methods and methodologies. According to research, attackers have successfully targeted and exploited individual human behaviour to breach corporate networks and critical infrastructure network. According to Solms & Niekerk (2013), most attackers are targeting individuals who are unaware of information and threats, this is because through them they cab unknowingly circumvent traditional security controls and processes which may lead to a breach of the organization. Cybersecurity, as a business problem has dominated the agenda of most chief information officers (CIO), s exposing the needs to countermeasures to today's cyber threats landscape. Information security awareness is essential
in organizations because it informs everyone that they are susceptible to opportunities and challenges in today's landscape, and also it secures organizational culture Implementation of awareness The security awareness program is the best solution energyA company can adopt to help reduce the cases of security threats which might be caused by internal employees. The program helps employees to understand that information security is everyone's responsibility. Onyeji, Bazilian & Bronk (2014) added that preventing data breaches in an organization is largely about creating clear internal messaging and successfully disseminating that message throughout the organization. So below are the tips that will help implement more security awareness and training so that sensitive information like payment card data, personally identifiable information (PII), or protected health information (PHI) at your organization The company should ensure they have policies and procedures in place such as firewall rules and data retention policies. This is because data security begins and ends with documentation. So, the company should
ensure it takes more time and details so that its security culture will have a better foundation. Also, it is advisable to provide employees with easy access to reliable updated security information.