Cybersecurity awareness: So easy to develop. So devastating when you don’t.
A November 2021 survey of hundreds of companies, cybersecurity professionals were asked to identify the causes for cyberattacks on their companies. The main causes are as follows:
· Employees opening malicious email link: 59.7%
· Out of date software: 43.8%
· Weak credentials on staff devices: 31.9%
· Ransomware: 16.0%
· Weak credentials on network devices: 16.0%
· Insider threat: 15.3%
· Software which was not fit for purpose: 12.5%
· Device theft: 7.6%
Note: answers are not mutually exclusive.
Looking at the above list of causes, 3 out of the top 5, directly relate to cybersecurity awareness. Email phishing attacks and weak credentials? Seriously? We should have been past these issues already.
Proper credential creation and usage should be repeatedly taught and trained as well as technically checked and controlled as much as possible.
The same goes for awareness in handling email messages. Be it a malicious link, a suspicious file or another phishing scheme – employees are your last and sometimes only line of defense against such attacks.
In both cases there are myriad solutions to help you increase employee cybersecurity awareness. Starting with human-led training sessions, through training gamification, short training videos with graded quizzes to assess the employee’s progress, to automated mock-phishing attacks at various levels to gauge overall tendency to click those malicious files and links.
Be your choice of solutions as it may, it’s always good to make sure that management and employees are on board and know the risks involved.
Comments