Cybersecurity Awareness Training



Employee Training: Cybersecurity is everyone's job!

The importance of a continued cybersecurity training program for employees is reflected in the latest 2017 Verizon Data Breach Investigations Report (DBIR).

The report states that a mind-boggling 88% of breaches analyzed for this year’s DBIR fall into one of nine patterns Verizon recognized in 2014, including web-app attacks, Denial of Service, payment card skimmers, human errors and cyber-espionage. An additional conclusion by Verizon shows how social engineering has become an effective method used by cybercriminals, as 43% of breaches started on social media.

This report, coupled with the 2017 OWASP Top 10 Web Application Security Vulnerabilities, describes a cybersecurity vulnerability landscape that has not changed since 2014, despite the fact that firms continue to fortify their network security with intrusion detection and prevention technology. Unfortunately, data breach incidents continue to rise.

We often preach that security awareness is key. We must encourage teams across organizations to be vigilant and constantly aware of potential attacks in order to avoid them. A great example from this DBIR shows that 1 in 14 users (in an average company with over 30 employees) fell for a phishing scam by clicking on an unverified link or downloading a suspicious attachment. Furthermore, 25% of those very victims were tricked yet a second time. This only strengthens the obvious need for security awareness across the board.

We understand the expense, time and commitment required for a company to successfully provide a training program to its employees.

To this end, our customized SilentCitadel Cybersecurity Awareness Training (SCAT)™ program is delivered using user-friendly terminology and situational examples directly relevant to the targeted employees.

Our training covers everything employees need to know to keep your company's data and systems safe. Sample topics:

  1. Threats Overview: Malware, phishing & social engineering
  2. Password Policies: Best practices; 2FA and how to use it
  3. Web Protection: What to look for; what to avoid
  4. Email Protection: What to look for; what to avoid
  5. Preventive Measures: Best practices for security at home and business

Why should companies consider a cybersecurity awareness training program?

Raising employee awareness through cybersecurity training is the best step any employer can take to improve their firm's cyber posture. Employees are the single largest weakness in a firm's cybersecurity program, and when they are improperly or inadequately trained, it creates a very large gap in the firm's cybersecurity defense that can be easily exploited by a hacker using social engineering.

Our experience is that firms can have an overreliance on technology in protecting their networks and internal systems. We believe that a blended effort of employee training and dedicated cybersecurity technology is the most effective defense against hacking attacks. Technology can help you address 85% of hacking attacks, but it is the remaining 15% that keeps the door open to successful hacking attacks.

Our recommendation is that organizations make a serious investment into their human assets if they truly want to be secure.

History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are.

Amateurs hack systems. Professionals hack people.
Bruce Schneier