Not a week goes by without the news of another massive data breach. Large corporations and SMEs alike are submitting to persistent and ever-increasing cyber attacks. Such is the severity of the consequences that many companies go out of business.
The average cost of an incident for an SME is now £200k, with over 60% going out of business within 6 months if they are not adequately prepared. In July 2019 alone, cyber attacks resulted in over 2.3 billion records being leaked, and large organisations have racked up fines that run into £millions.
When it comes to cyber security the C-Suite naturally turns to the CTO or CIO for solutions that mitigate risk, hoping to learn lessons from the misfortune of those who have succumbed to such attacks.
The biggest lesson of all, which may come as a surprise, is the power of the human effect in the protection of any business’s IT infrastructure – particularly when it comes to cyber security. Over 90% of data breaches are caused by human error: employees are one of the biggest cyber security vulnerabilities and are considered a “soft target” by criminals, due to their lack of understanding of the risks faced.
Instead of using highly technical and time-consuming hacking methods to breach a company’s systems, cyber criminals often prefer to target the employees themselves in order to get access to information and systems.
For cyber security, IT alone is not the holy grail: the combination of education and the right technical tools is the most expedient and efficient protection for any business. Building a strong cyber security awareness culture is the first step that all businesses need to take to combat these threats. All organisations need to recognise and prioritise cyber security and assign accountability for its risk to appropriately qualified senior executives. Cyber security is NOT an IT issue, it is a business risk.
This is where educating the workforce becomes of paramount importance and the only way to effectively do this is to train employees at every level within an organisation on what actually constitutes a REAL threat.
There are many tools and platforms available that help companies educate their employees to defend their networks. With these tools, forward-thinking companies can assess and reduce human cybersecurity risk exposure and train their staff to spot and report suspicious electronic communications that would open the network up to cyber criminals.
Most are easy for technical and non-technical staff to deploy and use, and the best have a comprehensive library of security awareness training content (videos, courses and assessments). Equally important considerations are audit, regulatory compliance, cyber insurance and security requirements, which further protect any business and are satisfied by the implementation of the right training tools and processes.
There are many routes to finding out the best solutions available. The Chartered Institute of Information Security (CIISec) is a non-profit independent organisation that gives accreditation to the best training and solutions available.
By understanding the importance of education on cyber risk, forward-thinking organisations are innovating with pre-breach solutions and tackling the real fragility of human error. They are building the human firewall that, in turn, protects the technical firewall.
Stephen Burke, CEO, Cyber Risk Aware