Review Your Cybersecurity Awareness

Uploaded on 2018-12-12 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

In 2018, a person couldn’t listen to the news without hearing of the latest company breach, which included many well-known companies such as Adidas, Timehop, Saks Fifth Avenue, Panera, T-Mobile and Facebook. 

Several of these breaches affected subscribed users or patrons by exposing their personally identifiable information which they entrusted to these companies.

Some breaches were caused by insider threats, some by social engineering and others by unpatched vulnerabilities. Yet, with all of these breaches this year and years past, phishing still remained one of the top attack vectors in 2018, and will continue to play a major role in the threat landscape of 2019 and beyond. 

Phishing, along with other social engineering attack vectors, preys on the human element. If 2018 taught us anything, it’s that companies need to use a more proactive approach in order to try to prevent these attacks from happening in the first place. 

This can be made possible by holding the human aspect of security in high regard and ensuring that training and education continue to play a large part in a multi-layered approach to security. 

While social engineering continued to stay on the security radar in 2018, automation and Artificial Intelligence were two topics that truly became popular buzzwords in the industry, and we can expect to see more of these being implemented into security programs going forward.

Although these are both massive technological advancements for the industry, still the human factor remains thus they will need to be used in conjunction with training to help prevent incidents. 

From a security awareness perspective, another growing trend that needs to be addressed going forward is connected devices. We are in an “always-on” culture, surrounded by technology that we enable to make our lives move faster and more efficiently.

However, with this connectedness comes more risks, and these risks are the ones people sometimes don’t even realise exist. If we can educate users on best practices regarding IoT, we can make everyday occurrences that are as simple as their drive to work, their time spent watching television or listening to music via their digital assistants, or even adjusting the temperature in their home ecosystem more safe and secure.  

Just like in 2018, the need for security awareness programs at companies of all sizes will continue to grow in 2019, and the demand to fill these roles will grow as well.

As more attacks continue to happen, additional training around prevention, as well as response, is imperative. Likewise, as the need for training increases, more and more vendors are popping up each day to help fill this security awareness void.

Many of these third-party training and awareness materials can be wonderful supplemental material to a robust and mature security awareness program, but it’s essential that those in the field do diligent research to choose a vendor that is reputable and best meets their company’s needs. 

Security also finally has the ear of the board, and security awareness is a question that is top of mind to most executives. With an extensive amount of cybercrime occurring, more companies are making headlines in a negative light, forcing boards to acknowledge the undesirable recognition a breach can lead to including being front and center in the media which can be damaging to their brand and reputation.

Many of the breaches that occurred during and prior to 2018 could have quite possibly been prevented had a user been given the proper training and tools they needed to be more vigilant. 

There are also additional regulations coming out globally as well as in the US on a state by state basis: these regulations are mandating more restrictions around data privacy and protection of information, thus making the old checkbox approach to security awareness a practice of the past.

All these factors drive the need for security awareness professionals to develop programs that include frequent training and education to keep their companies and their assets secure. 

As an industry, we are continuing to make great strides when it comes to security awareness and education but, unfortunately, the threat actors continue to remain one step ahead. Every aspect of the business needs to be security aware because anyone from the top down, to the bottom up, can become a victim.

In 2019, security teams should empower people to take more control of their own security, not only at work, but at home and not only with themselves, but with their families as well. It is imperative in the coming years that people remain adaptive to the changing events, technologies and threats, and continue to view security awareness and the human factor as a necessary part of any security program.

With this in mind, we as an industry also need to continue to create innovative approaches to engage employees and ensure they are equipped with the knowledge that they need to play an effective role in preventing these attacks in the first place. 

Because after all, you can put all the technology in place but the people will remain a major factor when it comes to securing your company and its assets.

For Cyber staff training please contact us at Cyber Security Intelligence. 

Infosecurity:

You Might Also Read:

Cybersecurity 2019: Predictions You Can’t Ignore!

« US Marines Turn To Artificial Intelligence To Better Deploy Troops
Germany Develops Offensive Cyber Capabilities Without A Coherent Strategy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Akin Gump Strauss Hauer & Feld

Akin Gump Strauss Hauer & Feld

Akin is a leading global law firm providing innovative legal services and business solutions to individuals and institutions. Practice areas include Cybersecurity, Privacy and Data Protection.

Ionic Security

Ionic Security

Ionic provide a high-assurance data protection and control platform built on strong encryption, fine-grain control and contextual analytics.

Kroll

Kroll

Kroll provides clients a way to build, protect and maximize value through our differentiated financial and risk advisory and intelligence.

Shape Security

Shape Security

Shape Security provide best-in-class defense against malicious automated cyberattacks on web and mobile applications.

Cyber London (CyLon)

Cyber London (CyLon)

CyLon is a leading cyber security accelerator and seed investment programme. We help entrepreneurs from across the globe to build cyber security businesses, raise investment, and develop partnerships.

QuillAudits

QuillAudits

QuillAudits offers advanced Ethereum, EOS, TRON smart contract audit, blockchain protocol security and formal verification to ensure your platform’s integrity.

Monster Jobs

Monster Jobs

Monster is a global leader in connecting people to jobs, wherever they are. Monster covers all job sectors including cybersecurity in locations around the world.

KETS Quantum Security

KETS Quantum Security

KETS harnesses the properties of quantum mechanics to solve challenging problems in randomness generation and secure key distribution and enable ultra secure communications.

VectorUSA

VectorUSA

VectorUSA is a premier technology solution provider. We design, build and maintain cybersecurity, data center, wireless and managed solutions – transforming business needs into technology solutions.

Cyberfort Group

Cyberfort Group

Cyberfort exists to provide our clients with the peace-of-mind about the security of their data and the compliance of their business.

BriskInfosec Technology & Consulting

BriskInfosec Technology & Consulting

BriskInfosec provides information security services, products and compliance solutions to our customers.

du

du

du is a telecommunications service provider providing UAE businesses with a vast range of ICT and managed services.

Dutch Institute for Vulnerability Disclosure (DIVD)

Dutch Institute for Vulnerability Disclosure (DIVD)

DIVD's aim is to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them.

Moore ClearComm

Moore ClearComm

Moore ClearComm is part of Moore Kingston Smith a leading UK firm of accountants and business advisers. Our services include Data Privacy, Cyber Security, Business Continuity and Information Security.

Gem Security

Gem Security

Gem is on a mission to help security operations evolve into the cloud era, and stop cloud threats before they become incidents.

Cyviation

Cyviation

Cyviation's mission is to mitigate ever-growing and menacing Cyber Security threats, focusing on aircraft, airlines and airports.