There are multiple approaches that a company can take to detect and/or protect itself from a malicious actor. It can purchase the latest and greatest antivirus and malware detection suite, purchase endpoint management software to track company devices and ensure that they have the latest software updates, and actually review the logs that are associated with its various computing devices. However, I’m going to focus on one area in which companies spend the least amount of time and money: cyber security awareness training for the average user/employee. You see, you can have all of the latest and greatest technology to protect your IT infrastructure; however, if Joe Schmoe accidentally sends an email containing the social security numbers of your patients to someone masquerading as your CEO, or if Jane from accounting clicks on a phishing link and enters sensitive company financial information into what she believes is an internal company database, you’re going to have a bad day.
Let’s look at the cold hard facts. In a 2017 study, 65% of professionals identified phishing and social engineering as the biggest security threat to their organization. 62% of businesses have experienced a social engineering attack, and 66% of organizations consider insider attacks or accidental breaches more likely than external attacks. What do all of these statistics have in common? The attacker doesn’t need to implement a zero-day attack (an attack that exploits a vulnerability that has never been documented). The attacker simply needs to exploit the victim’s emotions, like their sense of trust. Countering social engineering is extremely important, as IBM has found that the average total cost of a data breach in 2018 rose to $3.86 million, a 6.4% increase from the previous year.
So what can organizations do to improve their security posture outside of buying the latest technical solutions and hiring more cyber defenders? Implement a cyber awareness program and conduct training on an annual basis at the very least! There are many approaches one can take to develop a cyber security awareness program. CyberTraining365 has identified 5 steps to increase your cyber security awareness, and the 5 steps listed require little to no technical background, which means they can be implemented in no time.
It’s important to continuously evaluate your organization’s security posture and identify your weak areas, as you’ll need to constantly update the content of your cyber security awareness program in order for it to be effective!
Average Total Cost of a Data Breach Has Increased to $3.86 million – Global Study – Appknox | Mobile App Security, Resources, Best Practices & News
What Every Business Should Know About Social Engineering Cyber-Attacks
35 cyber security stats you should know in 2017
Data Breaches Often Come From Where You Expect It Least
Insider Threats – 2018 Statistics | United States Cybersecurity Magazine