Need for Cyber Security Awareness

With the progress of technology comes the progress of criminal acts. The stories we hear every day about industries being affected by cyberattacks are more than we can count. Some of the best-known attacks are the WannaCry ransomware and the Equifax breach.

There are various methods, or as we like to call them, “attack vectors”, that help initiate attacks. Each attack can be initiated using one or more of these vectors. The most common attack vectors that cyber criminals have been using are email, websites, web applications, backdoors, and unpatched or legacy systems. As preventive measures, you can always patch your systems, install firewalls and proxies, and ensure there aren’t any backdoors into your systems. But one thing you cannot do is patch the people or determine their behavior. We wouldn’t say that people are your weakest link, but they are a part of it, and no link is whole if one side breaks.

According to Verizon’s 2019 Data Breach Report, 94% of malware was delivered via malicious email attachments. Of course, most employees would not intentionally open an attachment knowing it could be infected. Cyber criminals are usually not one but two steps ahead, especially when they target specific victims, which is known as spear phishing. When an email is personalized, sent from what claims to be a legitimate entity or individual, and looks completely harmless, can you really put the blame on your employees if they unintentionally cause a breach? Anyone could fall for this, including yourself.

Hoping for the best and assuming that employees already know how to look out for a potential attack is the number one mistake companies make. It is the responsibility of the company to spread awareness and conduct training for its people just as much as it is to implement security controls.

Topics on which employees should be given awareness sessions include (but are not limited to):

  1. The organisation’s security policy
  2. The organisation’s Acceptable Usage Policy (AUP) (if available)
  3. Data classification and handling
  4. Types of cyberattacks (e.g. phishing, malware)
  5. Password Security

It is important to stress that awareness sessions should be held for everyone, including managers and executives, even if it is at a higher level. That is not only because everyone needs guidance every once in a while, but also because managers should be keen to show their commitment to both the company and the staff, thus building greater confidence in their leadership and governance, which employees will then follow.

Awareness can be spread in multiple ways. Some of those mentioned by the SANS Institute are:

  1. Classroom-Style training (Workshop Sessions)
  2. Security Awareness Website
  3. Helpful Hints
  4. Visual Aids
  5. Promotions (such as flyers)

There is no wrong time to spread awareness, so start today rather than tomorrow.

We at Sysprove are ready to help you spread awareness in your company by conducting awareness workshops that are both educational and interactive. So, let us take the weight off your back. For more information, download our brochure or contact us.

References

Verizon. (2019). Data Breach Investigation. https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf.
