Cyberattacks are among the top three threats facing organizations today, according to a survey of 3,400 members of the Information Systems Audit and Control Association (ISACA), and only 38 percent of them say they are prepared to experience one.
If members of ISACA say they are not prepared, what is your preparedness level?
Awareness and time are two of the biggest challenges that sit between a business and cybersecurity preparedness. Many workforces lack awareness about security threats, and everyone faces the time crunch.
Here are seven reasons why neglecting security awareness training is a really bad idea.
1. We are human
IBM’s Cyber Security Intelligence Index reports that 95% of all cyberattacks are caused by human error. Companies spend millions of dollars on firewalls and other security technology, but they suffer breaches due to well-meaning employees who are unaware of security risks. We humans need professional training and education to reduce that high percentage of attacks.
2. BYOD (Bring Your Own Device) is the norm
Bring Your Own Device (BYOD) is becoming the new normal in today’s business environment.
- 77% of employees use their own mobile devices for work (Gartner, 2016)
- 59% of organizations allow employees to use their own devices for work purposes (Tech Pro Research, 2016)
- 87% of companies depend on their employees’ ability to access mobile business apps from their personal smartphones (Syntonic, 2016)
In addition, 70 million smartphones are lost each year, and nearly one-quarter of data breaches are due to malicious actors stealing corporate mobile devices.
While BYOD offers the freedom to work anywhere, it can also create security challenges, such as governance, compliance and mobile device management. That’s where Garnet River’s policy management services come in.
3. Phone snoopers are right behind you
If hackers are violating your privacy electronically, then the phone snoopers – folks who peek over your shoulder while you’re on your mobile device or laptop – are violating your privacy live and in person.
According to a Wall Street Journal report, these snoopers say they “aren’t embarrassed” by their actions. Among 84 participants in a 2017 German study who admitted to screen-snooping, only six said their targets were aware of being observed.
Snoopers can watch you input passwords and see confidential work-related documents.
4. Cybercrime evolves
Despite increased investment in the enterprise security landscape, cyberthreats continue to adapt to sophisticated defenses. User behaviors can expose otherwise secure networks to vulnerabilities. What was safe a year ago, or even a few months ago, might not be safe today.
Organizations need a programmatic approach to educate and empower the workforce – and to develop a security-minded culture where critical thinking is applied at every step.
In addition to the evolution of cybercrime methods, your workforce turns over when employees come and go, and the ones who remain need to be reminded of security protocol.
5. Your employees have gone phishing
You can probably detect the obvious phishing emails that come from a strange source, including the ones with misspelled words, poor grammar or an attachment with a strange name. But can you recognize a sophisticated phishing attack? Hackers are trying new tactics all the time.
- 91% of hacking starts with phishing emails
- 30% of phishing emails are opened
- Phishing attacks in 2004: 1,609
- Phishing attacks in 2016: 1.2 million
(Source: Anti-Phishing Working Group)
6. HTTPS does not always mean a website is secure
Phishers are using HTTPS to fool victims into thinking phishing sites are safe. According to the latest analysis of trends by the Anti-Phishing Working Group (APWG), the presence of “HTTPS” at the beginning of a web address does not mean that the site is safe from phishing, and many internet users do not know this.
A phisher can break into the hosting of a legitimate website and install a phishing page there, then gather the data users transmit to it, such as passwords and credit card numbers. Phishers can also set up their own HTTPS-protected sites that look like the site you want in order to lure users into a false sense of security. According to APWG and PhishLabs, nearly one-fourth of phishing sites used HTTPS as of fall 2017. As recently as the end of 2016, that figure was less than 5 percent.
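The point above, that a padlock or a leading "https://" says nothing about who runs the site, can be shown in a few lines of link triage. This is an added example, not code from the article or from Garnet River; the trusted-domain list and all sample links are constructed, using reserved names, and the helper names are my own.

```python
"""Added example (not part of the original article): a 'starts with
https://' check is not a legitimacy check. Domains and links below are
constructed samples on reserved names (.example / .invalid)."""
from urllib.parse import urlsplit

# Constructed allow-list of the domains an organisation actually uses.
TRUSTED_DOMAINS = {"bank.example", "mail.example"}


def uses_https(url: str) -> bool:
    """The naive check many users apply: is the padlock / https there?"""
    return urlsplit(url).scheme == "https"


def registered_host(url: str) -> str:
    """Lower-cased hostname only; urlsplit drops any user@ part and port."""
    host = urlsplit(url).hostname
    return host.lower() if host else ""


def is_trusted_site(url: str) -> bool:
    """Trust only if the host IS a trusted domain or a subdomain of one.
    The trusted name must be the suffix: bank.example.login-verify.invalid
    starts with a trusted name but is not under it."""
    host = registered_host(url)
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def triage(url: str) -> dict:
    """Run both checks; 'misleading' flags an HTTPS link that the naive
    check accepts but the hostname check rejects."""
    https, trusted = uses_https(url), is_trusted_site(url)
    return {"https": https, "trusted": trusted, "misleading": https and not trusted}


# Constructed sample links, as they might appear in a phishing email.
SAMPLES = [
    "https://bank.example/login",                      # genuine
    "https://bank.example.login-verify.invalid/",      # trusted name as prefix
    "https://bank.example@login-verify.invalid/path",  # user@ trick
    "https://login-verify.invalid:443/bank.example/",  # trusted name in path
    "http://bank.example/login",                       # genuine but plaintext
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{u:50} {triage(u)}")
```

Only the first sample passes both checks; the three HTTPS lookalikes are flagged as misleading, which is exactly the gap the APWG figures describe.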
7. The what-if lawsuit scenario
Your employee clicks on a phishing email, but whose fault is it really? Did your company provide proper training to the staff and reinforce the training on a regular basis?
If a cybersecurity incident at your organization results in a lawsuit or insurance claim, one question the investigators will likely ask is: How much cybersecurity training did the employer provide its employees? According to a survey conducted by WeLiveSecurity, one-third of companies would reply “none”.
Ask us about Security Awareness Training
Garnet River, along with its partner Inspired eLearning, gives you a turnkey security awareness training solution that comes with actionable analytics and measurements. Contact Garnet River today.