No matter how large or small your business is, it’s a target for cybercriminals, and the bullseye is squarely on the backs of employees. Cyberthreats range from malicious emails and social media to sophisticated ransomware attacks. In a related study, Storagepipe found that 61% of surveyed IT pros reported that their organization had experienced ransomware, a data breach or cyberattack caused by malicious emails in the past two years.
Your organization’s cybersecurity is only as strong as your employees’ ability to identify, avoid, and report suspicious activity. It takes a single unwitting click on a phishing link to grant criminals access to everything on a given network and, in some cases, beyond into other systems and applications.
With a reported 150% rise in ransomware attacks between April 2020 and July 2021, it is increasingly important for end users with access to business systems to learn how they can protect themselves and their organizations from various types of cyberthreats. Organizations that want to transform end users from the weakest link in the security chain into a truly resilient first line of cyber defense are exploring ways to effectively educate their employees.
Gartner Peer Insights and Storagepipe surveyed 341 tech decision makers to find out what the current state of cyber security awareness training is in their organizations and the common challenges they are facing. Here’s what they had to say:
Most (64%) decision makers describe the average employee’s understanding of cybersecurity best practices within their organization as satisfactory. Over a quarter (28%) believe employee cybersecurity awareness is below where it should be. We think that this is a concerning red flag that savvy IT leaders should heed.
Given our experiences helping customers with data protection and disaster recovery services for over 20 years, Storagepipe understands the importance of cybersecurity awareness training and the difference that it makes to a company’s cyber resiliency. We have seen the damage caused by a careless click or unwitting download and want to share our insights so that you can learn from our experiences pain-free.
Types of Cyber Security Threats That Target Employees:
Here are the top cybersecurity threats that your employees need to be aware of:
- Malware Attacks: Malware is malicious software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. Examples of common malware include viruses, worms, trojans, spyware, adware, and ransomware.
To learn more about malware, check out our series “Why Malware Happens” where we discuss everything from Spam and Botnets, to Phishing and Social Engineering.
- Password Attacks: In one of the most common forms of corporate and personal data breach, attackers try to gain access to password-protected accounts by stealing passwords through social engineering tactics or by guessing them using random or systematic methods. A strong password creation and management strategy, together with two-factor authentication (2FA) or more robust multifactor authentication (MFA), is needed to prevent such attacks.
- Social Engineering Attacks: These types of attacks work by convincing victims that the attacker is someone they know, like a colleague or friend. Social media platforms are often used to study and access victims, and compromised or spoofed email addresses are used to send malicious messages and links. Under the guise of being someone that the victim trusts, the attacker manipulates the victim into divulging sensitive information or performing tasks that aid the attacker in their scam.
Read more about some common social engineering attacks in our April Fools blog where we have 7 Tips for The April Fool in All of Us!
Our suggestions are supported by stats from IT leaders. When we asked 341 tech decision makers what their biggest cybersecurity concerns were, here’s what they had to say:
The most common concern for end user cybersecurity risk among decision makers is phishing scams (77%), followed by passwords/access management (70%), and social engineering (54%). That is why some of the most common cybersecurity protocols in place are strong password policies and phishing tests.
But is that enough?
Security teams can implement an array of cybersecurity tools to protect business-critical assets, but they cannot necessarily control end user behavior around cybersecurity practices. End users may still be responsible for setting passwords and deciding whether an email is suspicious on a daily basis, both of which are vulnerable entry points for major cybersecurity breaches if incorrectly addressed. The better informed end users are about cybersecurity, the better they will manage their responsibilities and help mitigate risk to the business.
Employee Negligence One of the Top Threats to Cybersecurity
When we asked IT leaders how serious they think employee negligence is when it comes to cybersecurity risks to their organizations, here’s how they responded:
Most (53%) decision makers agree that employee negligence is one of the top sources of cybersecurity risk. Here’s how serious it is:
Consider the number of user errors that result in security incidents each year. Then think about the subsequent productivity losses and the person-hours required for recovery. Now, factor in any regulatory fines and the loss of customer trust and business reputation. Reducing those errors could easily mean the difference between thriving and struggling as a business.
So, what can organizations do to minimize it? Thankfully, businesses are paying attention and taking preventative and corrective action.
We asked IT leaders and decision makers what measures they have in place to minimize risky user behavior and so decrease cybersecurity incidents in their organizations. See their responses below:
The most common cybersecurity protocols in place are strong password policies (74%) and phishing tests (65%). Cybersecurity awareness computer-based training (SACBT) platforms (53%) and employee knowledge testing (52%) are also gaining popularity and are not very far behind. The majority of businesses are taking steps to implement cybersecurity awareness training for employees with a multilayered approach.
Storagepipe has found that engaging training courses and faux phishing campaigns that test end users’ knowledge are key to ensuring that employees gain and retain valuable cybersecurity awareness and skills, and that they help to identify employees who are susceptible to phishing. These employees can automatically receive additional training to enable better learning outcomes and overall cybersecurity for your organization.
Download the full report to find out the common challenges decision makers face when providing Cybersecurity Awareness Training to end users and employees. Tech decision makers can use this report to benchmark against their peers. Get your copy today!
Cyber Security Awareness Training Programs:
The National Security Agency reports that over 90% of cyber attacks are preventable with basic Cyber Security Awareness Training. So, by just taking a cybersecurity awareness course and keeping in mind all the points listed in this article, you might already be a few steps ahead of those cyber-criminals and save yourself from serious issues and huge losses!
Running quarterly cybersecurity awareness training programs along with simulated phishing campaigns often results in a reduction in end-user click-through rates on the test emails and their faux links. When the click-through rate on phishing simulations drops during training sessions, end users carry over that cybersecurity savviness into the real world, resulting in reduced clicks on malicious emails.
Storagepipe can help identify weak points in your cyber resilience posture and provide a combination of cybersecurity services to help protect your business. Share your cybersecurity concerns today to see how we can help!
Storagepipe’s Cyber Security Awareness Training provides the continuous, relevant, and measurable testing and education that businesses need to minimize risky user behaviors and resulting security incidents. We also provide in-depth and executive summary reports on training and campaign results that enable IT departments to easily track and share key performance indicators with organizational stakeholders for improved visibility, decision-making processes, and outcomes.
Secure your business and employees while improving cyber resilience to minimize security incidents and unforeseen costs.