Developing a company culture and ongoing training that values cybersecurity can help mitigate current and future cybercrime threats. Employees can be one of the biggest threats to a company’s cybersecurity, but with the right training, they can be armed with the tools to form a strong, frontline defense against cybercriminals.
We were all shocked by the recent security breaches at organizations like JP Morgan Chase and Equifax. If companies with high levels of security can be breached, then what about the thousands of smaller businesses across the world?
Businesses put themselves at risk by failing to regularly train their employees to recognize threats
Although most enterprises have indeed increased their budgets for IT security, it doesn’t seem to be having the impact CEO’s had hoped for. When you take a hard look at the job description of most CISO’s, you can readily see the problem. In today’s business environment, IT specialists are required to know everything there is to know about the different devices in the market—And then to top it all off, each device must be properly configured and aligned with the overall data system’s architecture.
Businesses put themselves at risk by not performing adequate cybersecurity risk assessments and taking action to mitigate them, and by failing to regularly train their employees to recognize threats.
Many IT experts believe that one reason for the consistent failure of counter-threat intelligence is the fact that experts are always a few steps behind the hackers. Cyber threats become more sophisticated with each new breach. When critical data is compromised, customer data, financials, and intellectual property are freely available to attackers.
Effective security requires a unified approach. Appropriate technology and well-written policies are critical. But, they cannot provide the entire solution. Recent studies have shown that it is the human element that is at the heart of most security incidents.
Verizon reported that the biggest threats to security are from external sources that prey on the habits of personnel. So yet again, the human element continues to be the weakest link in information security. They cite recent examples of breaches in the healthcare industry as an example of the need for better training. This should not come as news to anyone involved in the information security industry. In my experience, it is the failure to provide employees with appropriate and ongoing training that creates conditions ripe for a security incident.
The human element continues to be the weakest link in information security
“The greatest cybersecurity risk to businesses is their own untrained, unprepared staff. Over 90% of all breaches go back to a bad email attachment, malicious link, or other employee mistakes,” said Tracy Hardin, president and founder of Next Century Technologies, an IT consultant and managed services firm in Lexington.
Years ago, hackers sent thousands of generic and crudely written phishing emails and hoped a small percentage would fall for them. Scam emails from Nigerian princes wishing to share their wealth and long-lost relatives with inheritances to bestow are a thing of the past. Today’s cybercriminals study their targets – using information readily available online – and tailor their scams to specific companies and individuals.
“Phishing is becoming more sophisticated,” Danaher said. “Compromised (Microsoft) Office 365 accounts from people you know are sending malware in attachments. Secure attachments are being used to trick users into downloading malware and giving up their passwords to sites like Office 365, Amazon, and Google.”
In a world where information is so readily available, the task for CISO’s is now more complex. It requires better and more consistent training for employees and vigilance at every level. With ongoing training, employees can help identify outside risks in their email boxes or across the Internet.
The job of combatting cybercriminals mandates that we take the protection of our data as seriously as we do the protection of our homes and families. It’s not just the responsibility of IT specialists and CISO’s—It’s everyone’s job to guard the “doors and windows” of our network and cloud storage systems.
Free for up to 5 users.
No credit card needed.