ARE CYBERSECURITY THREATS REAL?
IT is in my bones and in my blood. As such, I have a thing about cybersecurity awareness – or lack thereof. Also, I don’t understand the notion of people thinking that cybersecurity threats aren’t real. In 2020, it was reported that in 2020 at least 53% of companies in the UK and Ireland suffered at least one cyberattack that significantly impacted business operations. The main culprits were ransomware, cloud account compromise, insider threat, and phishing. And things are set to get much worse. 64% of small to medium-sized businesses surveyed in the UK have expressed their concern over been vulnerable to an attack in 2021. Larger firms, with over 2,500 employees, say that they have an 89% chance of falling prey to cybercrime.
WHO IS TO BLAME?
I am not an advocate of blaming people or ‘blame-shifting’, but you need to ask what or who is the main cause of cybersecurity risk? We are! 55% of CSOs and CIOs in the UK are convinced that human error and lack of cybersecurity awareness pose the biggest threat to their business. Here are the main causes of breaches resulting from cybersecurity unawareness:
• 43% – clicking on a malicious link or downloading a corrupt file
• 39% – being a victim of phishing email
• 35% – intentional leaking of data
• 35% – unauthorized use of devices and applications
WHAT CAN YOU DO?
While you can’t predict every move of a malicious employee, you can do a lot to stop cybercrime in its tracks. Here are some valuable pointers from the UK National Cyber Security Centre on employee cybersecurity awareness and education:
- Implement and enforce a user security policy that is jargon-free and customized to your business.
- Apply a staff induction process so that new employees, including contractors and third parties, know what they need to do to comply with your security policies.
- Provide and monitor ongoing refresher training on the security risks to your organisation.
- Create a culture of cybersecurity awareness and encourage your staff to report poor security practices and security incidents to senior management, without fear of castigation.
WHAT DO I RECOMMEND?
My last words on cybersecurity awareness are these:
- Check that your employees understand how real cybersecurity threats are.
- Train and train some more – you can always teach an old dog new tricks.
- Always follow-up to see that your security policies are being enforced – don’t take anything for granted.
- Be supportive of your staff and guide them into a world that is free of cybercrime.