Organisations of all sizes are concerned about cybersecurity, and with good reason. With more employees working from home, most businesses expect an increase in email compromise and malware attacks over the next 12 months. There is now also an added threat of ‘ransomware as a service’ in which ransomware developers lease out their malware in exchange for a share of criminal profits.
The biggest gateway into an organisation for cybercriminals is through employees. A recent survey of 5,000 businesses around the globe found that 52 per cent considered employees to be their biggest weakness in IT security, whether by intention or accident.
Every day, there are new risks for businesses when it comes to social engineering, ransomware, malware and phishing attacks that specifically target employees. This has been recently evidenced by attacks on Microsoft Exchange servers, as well as Bunnings Hardware, UnitingCare Queensland and Ukraine government websites.
Cyberattacks are increasing
According to Business Australia, cyberattacks are up 30 per cent in the past six months as cybercriminals exploit the pandemic and shift to remote work, with 43 per cent of attacks targeting small businesses. Ninety per cent of attacks are successful due to human error. [1]
A recent study found that, without the risk of human error, 19 out of 20 data breaches would not have happened at all. [4]
In 2022, hackers are developing new strategies to capitalise on organisations’ expanding attack surface due to factors such as the increased number of intelligent devices, hybrid work, the Internet of Things, and adoption of 5G.
While many organisations recognise the growing cyber risk and are now turning to cyberinsurance to mitigate their losses, the best way to protect businesses is through preventing a successful attack in the first place. Achieving this depends on how well the organisation empowers its first line of defence, its employees.
Empowered employees reduce cyber risk
The right level of cybersecurity training delivered to employees can reduce an organisation’s risk of cyberattack by up to 70 per cent. [5] However, successful training relies on a combination of accessibility, engagement and accountability.
Cyberawareness training that can be easily accessed and is engaging is key to inciting behaviour change in employees, so they not only become aware but also adopt cybersafe practices in their everyday activities.
This requires the training to address all areas of accessibility from network connections and devices used through to the individual learning needs of each employee. Tools such as adaptive online training use advanced computer science to automatically adjust training to the specific needs of the participant. These tools enhance the user experience with a tutor-like approach that identifies areas such as unconscious incompetence and how to increase an employee’s inner motivation to learn.
The content itself must also be engaging and tailored to the employee’s current cybersecurity skillset. The most powerful types of training content that achieve the highest employee retention of learned materials are those that use humour and gamification. Current technologies provide gamification, such as quests and phishing simulations, that align with specific job roles across all levels of the organisation.
Ensuring cybersafe behaviours
Motivating employees to attain new cybersecurity skills and take accountability for protecting the organisation online can be particularly challenging, because people tend to fall back on doing things the same old way when it is easier, even if it puts the organisation at risk. An experienced training provider can help organisations and their employees to fully understand the criticality of cybersecurity and encourage a cybersafe culture.
A trusted training partner will support and monitor the organisation’s learning journey, identify higher-risk areas and employees, work with the business to reduce those risks, and regularly reinforce cybersafe behaviours. This approach is proven to significantly reduce the risk that an organisation will suffer a cyberattack and the associated financial and reputational issues it causes.
Truis is a trusted cyber awareness training provider certified by the International Organization for Standardization (ISO) against ISO 9001 and ISO 27001. This means we have the policies, processes and procedures necessary to provide products and services that meet customer and regulatory needs, including procedures that safeguard our partner and customer data.
At Truis, we specialise in understanding people and their business goals. Based on transparency and accountability, our tailored IT services and solutions solve business problems and help our customers reach their goals with complete confidence.
To learn more about how the fundamentals of cyberawareness training can reduce your risk of cyberattack, read our tip sheet or contact the Truis team today.
[1] https://www.pwc.co.uk/press-room/press-releases/two-thirds-of-uk-business-leaders-expect-cyber-security-threat-t.html
[2] https://www.kaspersky.com/blog/the-human-factor-in-it-security/
[3] https://www.businessaustralia.com/resources/news/cyber-security-trends-businesses-can-anticipate-in-2022
[4] https://thehackernews.com/2021/02/why-human-error-is-1-cyber-security.html#:~:text=’Human%20error%20was%20a%20major,in%2095%25%20of%20all%20breaches.&text=Mitigation%20of%20human%20error%20must,cyber%20business%20security%20in%202021.
[5] https://www.pensar.co.uk/blog/cybersecurity-infographic