There’s an emerging trend that’s calling for end-user education and accountability to be the latest innovation for cybercrime – and honestly, it makes sense!
We’re not ones to name and shame, it’s uncomfortable, and we know that when it comes to cybercrime, it’s never an intentional move to click a malicious link, or download a virus from an email – that’s exactly the nature of cybercrime – they trick the innocent! However, with cybercrime recently ranked alongside extreme weather events and the prospects of a nuclear war as the most likely and dangerous risks threatening the stability of our society (WEF 2018), the emphases on taking the necessary precautions are more important than ever.
As it currently stands, cybercrime is intensifying, and although businesses continue to spend big on security solutions that assist to protect users from infiltration attempts, cybercriminals still have the ability to slip through the cracks every now and then, causing downtime and devastation to business operations, and depending on the type of business, potential devastation to the wider public.
The World Economic Forum 2018 reported that in the last year, cybercrime wreaked havoc on society, with even more impactful damage predicted. The report showed that not only had cyber breaches almost doubled in five years, from 68 per business in 2012, to 130 per business in 2017, but cybercriminals also have an exponentially increasing number of potential targets, because the use of cloud services continues to accelerate and the Internet of Things is expected to expand from an estimated 8.4 billion devices in 2017 to a staggering projected 20.4 billion in 2020.
What would once have been considered large-scale cyberattacks are now becoming normal, and cybercriminals are more inclined to target critical infrastructure and strategic industrial sectors, raising fears that, in a worst-case scenario, attackers could trigger a breakdown in the systems that keep societies functioning. Thankfully, WannaCry’s ultimate impact was relatively low, only because a kill switch was discovered, however it highlighted the vulnerability of infrastructure in a wide-spread attack. The attacks we’ve seen over the last few years suggest a move from data theft, to network ransom and even physical destruction – and the sad thing is, being a cybercriminal is now so accessible, and respectively cheap, resulting in it being quite a good business to be in!
There is a prominent need that moving forward, focus be put on anticipating attacks rather than reacting to them, and building a culture of cyber security within organisations is the perfect way to weave user education in with already robust security solutions that no doubt exist within technology environments. To leverage our place in the technology space as end-users, and gain training and education about how to avoid becoming a victim, is the link that seems to be missing in most businesses, whether they’re in government, medicine, law or accounting – even small business for that matter.
With the cost of a successful cyber attack being an average of $301 per employee, and 91% of all attacks starting with a phishing email, it’s a smart move for companies to increase their user education on this type of attack. Security Awareness Training was created in an effort to firstly locate weak areas of the business – this is where accountability comes in. In carrying out a simulated phishing attack, you’ll quickly find out how vulnerable your company is, and automate short examinations for the employees within your organisation who unknowingly click on the (fake) malicious link. This will help enforce greater awareness of what they could have looked out for in the email to show that it was in fact, an attempted attack. Running this training on a regular basis is an important preventative measure companies need to implement for greater security – not just for themselves, but their employees too.
Even with all the security solutions in place, something can still make it onto your devices. In putting efforts into employing a Security Awareness Training solution in your business, you’ll have greater peace of mind that your end-users are working with caution on a daily basis, and not only keeping your business safe, but also their personal email accounts and livelihood too.