Even the most advanced security solutions can’t completely guard against the sophisticated approaches hackers leverage to target individual users. All it takes is an employee to open a single malicious attachment or click one infected link, and the company’s entire cybersecurity posture is at risk.
Because these actions are so simple and ordinary – opening an email, following a link to a website – it’s more complicated than ever for enterprises to shore up their cybersecurity. However, with robust employee training that drives home the importance of the employee’s role in the overall data protection and cybersecurity landscape, businesses can reduce the risk that one of their users will open the door to a digital attacker. Employees at all levels of an organisation require security training, from entry-level staff right up to the CEO.
Hackers are increasingly utilising more advanced techniques to dupe users and further their attacks. Current statistics back this up: overall, 52% of breaches featured hacking, 28% malware and 32-33% included phishing or social engineering, according to Verizon. Such breaches are most likely associated with human error. With such a high percentage of issues due to employee actions, enterprises can no longer ignore the crucial role of users in the overall cybersecurity landscape. Appropriate training, covering the suspicious elements to look out for as well as awareness of current hacking techniques, should be a top priority for organisations in any industry.
So, to the burning question: how should you approach employee cybersecurity training? Here are a few tips and best practices that organisations can incorporate into their employee-focused training to help support success.
Security training can be overwhelming, especially if the organisation has never engaged in this type of initiative before. Because the threat landscape is continuously changing, it can be difficult to discern where to start. A good starting point, however, is raising awareness of the current top threats and ensuring that employees understand how these threats could impact the organisation and what actions they can take to reduce the chances of this happening.
As Trend Micro highlighted in its 2019 Midyear Security Roundup, some of the top issues faced during the first half of this year include:
Making sure that employees are aware of and understand top threats like ransomware and Business Email Compromise (BEC), in particular, can help considerably reduce the chances that these issues will impact the business’s security.
It’s essential to educate users on the approaches that hackers use to support attacks like BEC and ransomware, specifically phishing and social engineering. According to Tripwire, ‘phishing is the most common type of social engineering attack that occurs today.’ Most phishing scams attempt to access things such as personal information, redirect end users with a malicious link to unsecured landing pages and manipulate user actions by creating a false sense of urgency. If the end user carries out these actions without realising, this is often the first stage in covert information-stealing operations.
To find out more about best practices for employee cybersecurity training and the role that advanced software solutions can play in an enterprise’s overall security posture, connect with our team at firstname.lastname@example.org.