Although this is a question that elicits a qualitative answer, I will attempt to provide a quantitative response.
11 seconds – the average time between ransomware attacks
34% – the share of local government organizations that were victims of ransomware attacks in the last year
$1,500 – the amount per employee lost to phishing attacks
50% – the share of ransomware attacks that target organizations with fewer than 100 employees
$955,429 – the average cost for a small or medium business to return to normal operations after a cyber attack
$570,000 – the average ransom demand
39% – the share of companies that pay a ransom but receive NONE of their data back
80% – the share of ransomware victims that are hit with another ransomware attack within 12 months
95% – the share of data breaches that occur as a result of employee mistakes
70% – the amount of customer business lost following a data breach
$764,000 – the median cost of a Business Email Compromise
72% – reduction in impact to operations from a cyber attack following security training
The last stat is the most important…because this is the one you have control over. By providing security training to your staff, you can turn your biggest security threat into your biggest security asset.
An untrained workforce is not simply a non-player in your security. They are a detriment because their inability to recognize threats can lead them to click on a malicious link or open a malicious file.
Training will help to keep your employees aware of threats and give them the tools they need to recognize them, stop them and report them.
The more the cyber security industry does to help businesses protect themselves, the more sophisticated cyber criminals become in their attacks.
It is also important to remember to make your employees part of the solution. Do not punish them. Rather, reward them for recognizing phishing attempts, whether real or simulated. It’s a simple carrot vs. stick methodology. If your employees know what to do when they are faced with a threat, they will feel empowered to do something.
While technology tools are important in protecting your network, your people are equally important. Maybe even the most important.
CYBER NEWS
North Carolina A&T hit with ransomware after ALPHV attack
The Record by Recorded Future gives exclusive, behind-the-scenes access to leaders, policymakers, researchers, and the shadows of the cyber underground.
therecord.media
Creating a Security Culture Where People Can Admit Mistakes
In cybersecurity, user error is the symptom, not the disease. A healthy culture acknowledges and addresses the underlying causes of lapses.
www.darkreading.com
Credit agency warns weak cybersecurity defenses could hurt a company’s credit rating, even before an attack
S&P Global Credit adds cybersecurity to list of risk factors for evaluating credit scores and will use NIST standards for the evaluation process.
www.techrepublic.com
TIP OF THE WEEK
In the “Information Age,” fraud runs rampant when everything we need or want to know is at our fingertips. The key that fraud actors need to scam you is information about you. The following are steps to take to protect yourself from these criminals:
1 – Use Multi-Factor Authentication (MFA) on all accounts that allow you to do so
2 – Install Anti-Virus software on your computer and make sure to keep current with updates and patching
3 – If your phone number is required for setting up an account, go back into the account later and remove your phone number from your profile if possible. One way scammers reach you is through your phone, so take away that access
4 – DO NOT save your credit, debit card, or bank account information online with merchants you do business with
5 – On your devices, activate the biometric access (e.g., facial recognition, thumbprint) to keep a criminal out of your device if it is lost or stolen
6 – Freeze your credit at all three major credit bureaus (Equifax, TransUnion, Experian). Do the same for your dependents. (This will prevent a criminal actor from making major transactions under your name.)
VOCABULARY WORD
Security Awareness Training (SAT): The program an organization uses to educate its employees about cyber risk and their role in being part of the defense against attack or breach. These programs can include training sessions (presentations), reminders, and simulations.
CYBER HUMOR