Humans... are we still the weakest link?
Human behaviour still presents a significant risk to business
Phishing, Social Engineering and Whaling
These attack vectors are designed to evade most of the technical solutions that are put in place, which means a human often has to determine whether an email or a request is legitimate and then decide whether to action it. Unfortunately, making those decisions without a degree of "cyber awareness" is proving costly to businesses.
"Around 80% of all cyber incidents are caused by human error".
Large and (not so) small
How we as humans and employees behave presents a significant security risk to organisations both large and small. The associated risks to a business are both reputational and financial.
According to research by Kaspersky Lab and B2B International (in 2017), the financial impacts on businesses of phishing and social engineering campaigns by malicious parties are significant. The following infographic illustrates the financial impacts alone.
Ask yourself, could your business sustain such a financial shock?
Addressing the problem
Awareness, awareness everywhere: building a cyber aware business
The concept of security awareness is not a new one; however, as the world becomes more interconnected and performance expectations increase, it should be receiving more air time in organisations large and small. It sounds like a lofty goal, but every organisation should look to become "Cyber Aware" and ensure that awareness is entrenched in the business culture.
Such an outcome can be achieved through a combination of conditioning and awareness. And no, we're not talking about hours and hours of lines,
..."thou shall not open a phishing email and thou shall not click that link"...
but companies need to ensure that there are rules and approaches to Cyber Security that are enforced through policy and organisational engagement. Through security awareness training, companies can take a step further, so that employees at all levels gain an understanding of the risks associated with their role.
So let's quickly have a re-take on Security Awareness training. What is it? In a nutshell, it is all about teaching your colleagues and employees to understand the risks and threats of doing business in today's cyber entrenched environment. In doing so, you provide staff with a basic understanding of internal policies, security controls, potential attack vectors and actors. Employees become more aware, with the ultimate goal of asking themselves: are my actions Cyber safe?
A strategy for all businesses
As we know, not all businesses are built equally, and the same can be said about a business's Security Awareness needs. However, we can't stress enough how important it is for all businesses to have a basic level of cyber awareness within their organisation, enforced by policy, process and potentially formalised training. Secure-ISS can assist your business to understand your cyber awareness requirements. We offer a number of training programs, courses and frameworks across the spectrum of businesses, from big and small businesses with an immature security framework through to those looking to achieve security best practices.