Cybersecurity is a huge concern for businesses around the world—And for good reason. Being the victim of even what could be considered a “minor” breach, could come with major costs. An article by Steve Morgan published by CSO looked at cybersecurity data and predictions. Among its findings:
- Cybercrime damage costs are expected to hit $6 trillion annually by 2021.
- Cybersecurity spending is predicted to exceed $1 trillion from 2017 to 2021.
- Cybercrime will more than triple the number of unfilled cybersecurity jobs, which is predicted to reach 3.5 million by 2021.
- Global ransomware damage costs exceeded $5 billion in 2017.
Two key observations can be gleaned from the article: cybersecurity is expensive and humans are a major source of vulnerability to an organization’s cybersecurity. At least the second can be helped with training.
One of the primary methods hackers use to gain access to or disrupt a company’s network is through phishing, which Tech Target defines as: “a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels.” Phishing attacks fool people because the hacker uses fake, or hacked, e-mails to distribute malicious links or attachments that can do everything from shut down systems, to steal credentials or account information. These e-mails are often disguised as coming from someone known within the organization. Who wouldn’t open an e-mail purportedly coming from the CEO? And that’s precisely what makes this form of attack so challenging to address.
Training employees on identifying and avoiding cybersecurity risks is a key aspect of any company’s cybersecurity policy. Any employees can be the source of a vulnerability if they are unaware of the risks that are out there from even seemingly benign activities like checking their e-mail. That’s why cybersecurity firm Wuvavi recently announced the release of a phishing simulation component on its Wuvavi Platform.
“The phishing component is integrated into the employee training product to create an easy to use platform for any organization,” according to a press release published in Digital Journal. “An administrator enrolls the employees for training and/or phishing, selects a phishing campaign designed from real-world phishing attacks, and monitors employee activity. The system will train employees at a point of failure such as clicking a link in a phishing email.”
As cybersecurity threats and the potential financial impact of those attacks increase, companies are likely to invest increased resources into preventing attacks. Because humans are one of the most vulnerable elements of cybersecurity efforts, it makes sense that a lot of those resources will be focused on shoring up this human element. What training are you doing to minimize the human risk to your computer systems and proprietary data?