Cyber attacks against organizations of all sizes are at an all-time high.
In a recent article in the Financial Times, Mark Hawksworth of Cunningham Lindsay says “hackers are increasingly targeting smaller businesses because larger employers have more resources to protect themselves, making smaller companies more vulnerable.” In many cases, large organizations are also at a high risk of being hacked due to a false sense of security.
The resource that matters most to these sitting-duck businesses is knowledge — but not just the know-how of company executives. Baseline workers connect to the Internet on a daily basis, and many are unaware of the threats lurking behind their mouse clicks.
Most security breaches are not due to technological failures, but to human mistakes. A report from IBM shares that human error is at the root of 95 percent of cyber hacks.
What does this mean for most companies? Providing effective cyber security awareness training is no longer a prerogative, it’s a necessity.
Each time a hacker’s email lands in an employee inbox, a company may be one click away from a breach. According to Intel Corp, up to 80 percent of businesses that are small to midsize have inadequate email security and data protection. If a company leader does not find this significant, he or she may not be aware of additional email-incriminating statistics: One report from Verizon Enterprise suggests that approximately 23 percent of email recipients open phishing emails containing ransomware. An additional 11 percent actually click the infected attachments.
Once the destruction begins, it may take companies years to recover their money — and their respect.
Still, most organizations are not poised to avert an attack. When a global survey from the Institute for Business Value (IBV) and IBM Security assessed the cyber security readiness of 700 company executives, results were not optimistic. Only 57 percent of the human resource executives had even offered cyber security training to company employees.
Many workers have only been exposed to limited information about security risks. They need training, and they need it fast. However, most company attempts at cyber education are ineffective.
People have limited attention spans. As a result, organizations often struggle to disseminate cyber security lessons that can shore up the holes in their human firewall. With employees losing most of the information presented in drawn-out training sessions, companies are spinning their wheels.
For better results, professional, cutting-edge cyber trainers are using short bursts of consistent training that take place frequently. Companies that choose to go another route will only add to the heavy losses from cyber theft, which according to Microsoft, have already reached approximately $3 trillion globally.
Motivated by greed and malice, and unconstrained by ethical boundaries, hackers employ any means necessary to launch an effective attack. Companies can either use employee education to strategically counter these efforts, or get hacked.