According to AT&T Cybersecurity Insights, 62 percent of organizations acknowledge that they were breached. As if that figure isn’t alarming enough, keep in mind that it does not account for the cyber hacks that have gone undetected. The number of actual breaches may be substantially larger.
Cyber hacks are expensive. A successful breach could result in millions of dollars in damages. In fact, a study that was sponsored by IBM suggests that at least for the 383 companies included in the worldwide study, the average cost of a cyber breach is about $4 million. For American companies, the organizational cost is even higher at just over $8.64 million.
These crushing figures could spell bankruptcy for many unassuming businesses. Unfortunately, many companies don’t realize that they are vulnerable to an attack until it is too late.
Business executives often believe that because they have a technological wall of protection around their network, their organization is breach-proof. This assumption could not be further from the truth.
A firewall, coupled with additional electronic intrusion alerts, can help detect direct threats, but what about the indirect threats?
A technological issue is frequently not the main culprit in a security breach. Human behavior is.
Based on IBM’s Cyber Security Intelligence Index, 95 percent of cyber security breaches have one thing in common: human error. Technological precautions and organizational policies are helpful, but they are not enough to avert an incident.
Employees are constantly interacting with the Internet. They frequently use wireless devices, work from home and transfer information over the web. Ironically, the same technological advances that have increased the productivity of modern organizations have also increased their vulnerability.
According to an article in BBC News, many workers ignore warning alerts that appear due to “security fatigue.” The article, which reveals alarming findings from the U.S. National Institute of Standards and Technology (NIST), shared worker concerns that could easily be alleviated by proper training: How could they stay safe without the resources of larger companies who couldn’t prevent an attack? Why were they being targeted if they didn’t work for the government or a financial entity?
A system compromise on the part of an employee is rarely intentional. It is more likely that the worker simply has not had adequate cyber security awareness training to identify a risk and avoid it.
Email systems have been easy entry points for hacks. Each time a company worker opens an email or sends a file, there is a chance of a breach. To the employee, a document or attachment may appear harmless, but the moment that he or she clicks to open it, the organization’s system is compromised. Technology alone cannot eliminate the cyber security risks posed by an uneducated choice.
Adequate training is the key. When employees are armed with the knowledge they need, they are able to recognize a potential threat.
For any company that wants to remain electronically safe, training is not an option. It is a necessary defensive tactic. However, for the education process to be effective, organizations must poll employees to assess their training needs before the first class is taught.
Once companies know where their workers’ awareness and knowledge levels fall on the cyber risk scale, they can identify the areas where they need additional training and have an effective benchmark for later comparisons.
Employees need cyber training that engages them sufficiently to facilitate behavioral change and minimize company risk. After all, hacks are coming.