Are Your Employees The Weakest Link Against Cyber Crime?

Uploaded on 2022-05-05 in TECHNOLOGY--Resilience, JOBS-Training, FREE TO VIEW

It goes without saying that cyber security features prominently in the to-do list of just about any organisation. Cyber criminals aren’t picky - they will happily target the financial sector, the retail sector, legal firms, public sector organisations and even the Government.

If there is money to be made from a ransomware attack or sensitive data to be harvested via a phishing link, hackers will be having a go. They are a persistent bunch.
 
It makes sense that businesses take all the right steps when it comes to investing in robust defences and solutions against cyber attacks. So, they invest their cyber budget on AI and ML based solutions with enhanced security such as CASB. They invest in multifactor authentication or passwordless systems or they have started to get quotes on zero trust network architecture - all sensible approaches.

However, all these things are rendered almost null and void if you neglect to fortify arguably the most critical part of the security puzzle - your people.

If there is no (or very little) security training for your employees, then they will continue to be the weakest link in your defences. And it doesn’t suffice to provide once-in-a-lifetime training or an initial “new starter workshop” in the hope that your organisation is ticking all of the boxes. The threat landscape (and solutions designed to protect against threats) is forever changing, always adapting.

You should therefore treat training in the same way. It should be both comprehensive and regular.
 
Don’t want to take our word for it?  Here in the UK, the independent body set up to uphold information rights Information Commissioner's Office (ICO) has now mandated such training for organisations. The ICO’s guidance is that all staff and volunteers that have access to data, should receive cyber awareness training as part of their induction, within 30 days of starting and before the employee is granted access to any databases containing personal or sensitive data. In addition, they direct that any such training should be on an ongoing basis for all employees. And be warned. If your organisation reports a cybersecurity breach to the ICO then you must be able to demonstrate to the ICO that all new starters have completed training and that you have ongoing training in place for all employees including management of any employee unable to attend such training. If it turns out that your organisation has failed to comply with the ICO’s guidance here than any financially punitive measures could increase accordingly - perhaps other penalties too.
 
It is worrying to see research published in a report by CybSafe, in conjunction with the National Cybersecurity Alliance, that found that 64% of participants still did not have access to any kind of cyber security advice or training. The report went on to point out that even for those who did receive any such training, many found the initiatives to be of little to no worth (27% said that they did not see the benefits of using the training they had access to). It is generally agreed that the vast majority of cyber attacks (perhaps as high as 90%) involve employee error of some sort.

It is common for cyber attacks to start at the Inbox of your email system, with almost all malware being delivered via email.
 
Given the very high correlation between human behaviour and cybersecurity it seems obvious to state that cultivating a general understanding of cybersecurity amongst employees should be prioritised. After all, if few people in your organisation don’t even know what multi-factor authentication is or why clicking on a link in an email is potentially devastating, then you will always be faced with an uphill battle.

Training, especially on a regular basis, is a very good start - giving your people at least the basic knowledge helps to fortify any investment in security solutions.

Going back to the report above, findings showed that amongst those participants with access to cybersecurity training, most made use of it (73%), demonstrating people’s willingness to learn more about ways to protect themselves online when information is available to them.
 
Fortunately, industry has responded positively to this apparent dearth of knowledge amongst workforces generally. There is cyber security training that sets out to strengthen the ‘human firewall’ by running phishing simulations, for example - remember, almost all successful malware attacks arrive via email. Regular training of this sort will deliver valuable data - your organisation needs to be able to measure the progress of people’s understanding to see if real change is achieved.
 
Cyber crime is a scourge of our times. Criminals constantly adapt their approaches to try and beat the latest and greatest defences served up by the cybersecurity industry. However, perhaps your greatest ally in the war against cyber crime are your people. A well- trained and knowledgeable workforce is the greatest deterrent here.  

Steve Whiter is  Director at  Appurity

You Might Also Read:  

How To Improve Cyber Security Visibility & Control:

 

« Find Your Security Vulnerability Before Hackers Do
Cybersecurity Lessons From Ancient History »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

Cybertrust Japan

Cybertrust Japan

Cybertrust Japan provides a comprehensive security certification and digital authentication service, enabling customers to build and manage highly secure IT infrastructures.

Cyber Security Capital (CS^)

Cyber Security Capital (CS^)

Cyber Security Capital is a consultancy helping to mobilise and empower individuals, corporate leaders and entrepreneurs in cyber security.

AEI Cybersecurity

AEI Cybersecurity

AEI brings together companies, Research Centres, Universities, and other organizations interested in promoting new cybersecurity technologies.

Intelligent Waves

Intelligent Waves

Intelligent Waves holds and manages contracts to provide an array of intelligence, operational, communications and IT support to the USG in austere, forward-deployed, hazardous duty environments.

AKATI Sekurity

AKATI Sekurity

AKATI Sekurity is a security-focused consulting firm providing services specializing in Information Security and Information Forensics.

Simility

Simility

Simility's multi-layered fraud detection solution uses superior machine learning & device intelligence technology to safeguard your online businesses.

Sky Data Vault

Sky Data Vault

Sky Data Vault provide the simplest and most cost effective method of Disaster Recovery / Business Continuity for mission critical systems and applications.

CYRail

CYRail

CYRail project will analyse threats targeting Railway infrastructures and develop innovative attack detection and alerting techniques.

Blockchains LLC

Blockchains LLC

Blockchains is committed to changing the world for the better. Using blockchain and other innovative technologies, we’ll build new systems, new security, and new interactions.

Security Alliance

Security Alliance

Security Alliance provide bespoke cyber intelligence consulting and research services.

RIA in a Box

RIA in a Box

MyRIACompliance combines our team of RIA compliance experts with an online software platform to help investment advisers better manage regulatory compliance and cybersecurity responsibilities.

Secured Communications

Secured Communications

Secured Communications has developed the only unified secure communications platform trusted by public safety and counter terrorism professionals around the world.

Apptega

Apptega

Apptega is an award-Winning Cybersecurity and Compliance Platform. Our mission is to make cybersecurity and compliance easy for everyone.

Acumera

Acumera

Acumera is a leader in managed network security, visibility and automation services.

Heartland Business Systems (HBS)

Heartland Business Systems (HBS)

Heartland Business Systems serves commercial, public sector and small to medium business with results-driven and dedicated information technology services.

TrustCloud

TrustCloud

TrustCloud is a global company specializing in the orchestration and custody of secure digital transactions including identification, signature, payments, and electronic custody.