Over the last 10 years, our "Indian School of Anti Hacking" has conducted several in-house training at top companies like Deshaw, Mjunction, CESC, National Power Grid, Banks; where our ethical hackers have shown LIVE demos of Hacking. This is the new form of training where you not only read and hear, but see practical demonstrations of the consequences of cyber security mistakes. This gives the best awareness. What you see is what you believe.
Organisations have always invested in perimeter security as the endpoint was supposed to be in the trusted zone. Now with employees working from anywhere and everywhere, companies will invest a lot on endpoint security, as well as the authentication and authorisation tools and techniques. VPN, privileged access management, etc. will be the key technology. Cloud adoption which was mostly for the servers, now will also be used to put desktops on cloud, so that employees log into virtual offices in the cloud and all data is still in control with the organisation.
People have always been the weakest link whether they are working from home or office or client site. Providing them awareness is the key solution. The awareness should be in a language which they can relate to their day to day operations. Coupled with real life case studies related to their work, and focussing on the consequences proved by some LIVE demo, can open up their eyes. Usually companies make mistakes of making content which appears to be preaching without giving much insight. Organisations must think of people behaviour and award people who not only help to embed security in the company culture, but also bring innovation into the rapidly dynamic cyber security in today's world.