Cybersecurity training: the key to strengthening your security posture
FYI, this story is more than a year old
Article by Ivanti APAC PreSales area vice president Andrew Souter.
Cybersecurity issues are currently the top business concern across all businesses globally, says the 2019 Travelers Risk Index.
Although the digital age enables everyone to access information across the globe from the comfort of their homes and office desks, it also poses great security threats at the same time. Today, every organisation deals with business risks, and if not managed properly, they can result in major consequences both for the company and its employees.
Australian businesses are increasingly under cyber threats and one of the key reasons is human error. According to the Notifiable Data Breaches Statistics Report by OAIC, among the 537 breaches notified from July to December 2019, human error was the second leading cause of data breaches (accounting for 32%).
Despite rigid security measures in place, a fat finger mistake can cost a company millions of dollars. 2019 IBM Security cost of a data breach report shows the average cost of a breach in Australia was US$2.13 million in 2019, up from US$1.99 million in 2018. The study also shows that Australian organisations take an average of 200 days to identify a breach and another 81 days to contain them, both longer periods than a year ago.
Actions such as sending valuable data to incorrect recipients via emails, accidentally emailing documents with sensitive data or unauthorised access, are some of the probable cause of a data breach.
Importance of training and upskilling
Increasing operational complexity, emerging new security tools, software and operating systems in the market makes it difficult for employees to stay ahead of the curve. Most cyber-attacks are successful because companies struggle to maintain basic security hygiene internally, of which human factors and employee behaviour remains a major concern.
Hence it is important for businesses to train employees on how to pay close attention to cyber threats and act in such situations. Continuous training and upskilling have always been a holy grail for organisations to bring employees up to speed.
Training employees on the importance of setting strong passwords, software updates, enabling security features and not clicking on suspicious links or downloading unauthorised software/apps can go a long way. Cybersecurity training is not always the top priority for employees, citing their day jobs and other items that are first in the list. Therefore, creating a mock cyber-attack drill would make employees aware of the implications of an attack and the importance of adhering closely to security policies.
Mobile device security
Another important thing to remember is mobile device security. Mobile devices such as phones and tablets are becoming the main source of productivity. Right from checking emails, social media accounts, playing games, watching videos, and more—everything is done through those devices. This also means that more and more attackers are using mobile devices as points of attack.
In addition to laptop/computer systems, training employees to secure their mobile devices is equally important. One of the easiest ways to help secure the device is through a strong PIN or password. Most new devices also have biometric options, such as a fingerprint or face recognition. The truth is, most attackers go for easy targets. An attacker could spend days or weeks trying to penetrate a system, or could just sweet talk their way to getting information by sending a phishing email or making few phone calls.
Deploying specialised security tools, updating security policies regularly and closely monitoring employee activity, will help organisations in strengthening their internal security posture. Against the backdrop of a complex cyber threat landscape, businesses must have a strong and effective security awareness training program to lower exposure.
As the cybersecurity industry becomes more and more complicated, the fear of getting in the middle of a data breach is inevitable among businesses. Hence, enterprises and organisations can no longer turn a blind eye to the importance of employee training and upskilling.