Is Employee Cyber Security Awareness Inevitable?
Gone are the times when our only security concern was making sure that our doors and windows were locked. Due to the rise in technology and the growth of online activity, the manner in which we now work has changed, putting not only our personal data but also business data at risk.
We often hold the belief that a cyber-attack would never happen to us, perceiving that we won’t be targeted, and that if we were, we would be too tech savvy to be caught out by it. 20 years ago we would have agreed that being victimized by a cyber-attack was highly unlikely, yet in today’s cyber society, barely a day goes by without a cyber-related incident hitting the news headlines.
Cyber security is now going mainstream, but the problem that we face is keeping it in the mindset of our workforce on a daily basis. The majority of businesses (67%) have spent money on their cyber security, a figure that is higher among medium firms (87%) and large firms (91%).
There is often a misconception when it comes to cybersecurity, claiming that if the right technology is in place, then the people using it shouldn’t be an issue. It’s all well and good having the latest antivirus protection software installed, but one wrong click from an employee and before you know it your organization can come crashing down. The importance of providing information security awareness training cannot be emphasized enough.
With 46% of businesses experiencing a cyber-breach in the last 12 months, it is no surprise that cyber security training is not only in ever greater demand among organizations, but increasingly necessary.
It is estimated that almost 90% of data breaches are caused by human error, with social engineering exploits only set to grow. More and more employees are now connected to the internet and rely on IT to go about their jobs, which has provided cyber-criminals with limitless opportunities to exploit the vulnerable, especially those who have very little understanding and awareness of the issue.
The goal of a training program should not simply be to ensure your employees are aware of security threats. Training goals should focus on the bigger picture, working towards creating an information security working culture within your organization, and ensuring employees can be trusted as the frontline defense mechanism to counter any incoming cyber-attacks.
Training helps break down the ever-growing communication barrier that now exists between IT compliance and end users, protecting business-critical information, as well as reducing the downtime caused by the effects of a cyber-attack.
Moreover, when organizations are seeking to gain ISO 27001 certification from Accredited Registrars, staff training is often one of the requirements of the Information Security Management standard.
Anybody can be a target, from an individual to a large organization. An attacker can have a number of motives, some less obvious than others. For example, a cyber-criminal who isn’t interested in money won’t necessarily target a large corporation with plenty of cash. Other motives for a breach can include theft of data, reputational damage, or simply general malice.
Having the latest protection software installed on your devices does not automatically protect an organization from being victimized by a cyber-attack. One wrong click from an end user is all it takes to leave your information security in the lurch, putting both you and your organization at risk.
Some organizations have board members with responsibility for cyber security, which isn’t good enough. Essentially, by not educating or training your workforce on cybersecurity and the issues it presents, you are simply throwing your employees under the bus, with it being only a matter of time before they fall victim to a vicious cyber-attack, consequently coming back to bite YOU. It’s easy to play the blame game: it was employee A from the sales department who opened the dodgy email that lost all of our data, therefore he’s the one in the firing line. But this shouldn’t be the case!
There’s a difference between responsibility and accountability: you can share responsibility, but to be accountable for something you must be answerable for your actions. This applies to cybersecurity. It is everyone’s responsibility to ensure that they are dealing with information security in a safe and controlled manner; however, not everybody is accountable. Whether it’s the CEO, Managing Director or Data Officer, it is critical that somebody within your organization can take accountability for information security. Make sure your organization isn’t featured on the next double-page spread of a newspaper for the wrong reasons.
The Institute of Forensics and ICT Security will empower you with awareness of the trending forms of attacks that are made on systems and equip you with first-hand solutions to these attacks. With all this in mind, see the Training calendar for more of the courses provided both at the Institute and in-house at a venue of your choice.