Cybersecurity: The Value of a Good Teacher
With any major threat, you need to equip yourself with the proper training if you’re going to tackle it effectively. Understanding what you’re up against and how you can avoid unnecessary damage is as important as actually facing the threat itself. As much as he wanted to, Luke didn’t take on Vader until he’d trained with both Obi-Wan and Yoda and even then, he came away with one less appendage than he’d hoped for. It wasn’t until Luke had completed his full training that he was able to win the real battle and there’s a lesson in that.
The need for training and education before taking on any challenge is absolutely key. After all, how can you be expected to manage something if you literally don’t know how to?
Cybersecurity is no different.
Currently, the cybersecurity threat landscape is shifting and evolving at an alarming pace. The hyperconvergence of Industry 4.0 has left many organisations struggling to keep up with the demand for robust security procedures and the cost is already proving to be substantial. The Internet Society’s Online Trust Alliance found that two million cyberattacks in 2018 cost $45 billion, and Cybersecurity Ventures expect the damage of cybercrime to reach $6 trillion annually by 2021.
These figures are alarming, and a common initial reaction is to worry that no matter what we do, it will never be enough. However, another statistic shows that this problem may be easier to fix than it seems. Risk solutions provider Kroll found that only 12% of data breaches in the UK come from malicious attacks, while the other 88% are the result of human error. This statistic alone should be enough to emphasise that, as a society, we need better training to keep ourselves safe online, both at work and at home.
The worst, best practices
Presently, there is simply not enough emphasis on implementing best practices in cybersecurity in a way that reaches the average employee. Verizon’s 2019 Data Breach Investigations Report found that 32% of all data breaches in 2018 were a result of phishing, a LogMeIn survey discovered that 59% of people use the same password for everything, and the Everest Group reported that 50% of technology spend is being channelled into Shadow IT without the knowledge of executives or the IT department. All of this can become a serious vulnerability in an organisation, and cybercriminals know this.
However, failure to adhere to best practices doesn’t just apply to staff either. In fact, it’s quite the opposite. While many senior executives see themselves as insulated from cyberattacks due to their position in the organisation, Verizon reports that bosses are 12 times more likely to be the target of social engineering attacks. Remember, information is key, and who is likely to have access to more critical information and systems than a senior executive?
So, while hackers and malicious actors continue to grow in power and capabilities, it’s not our software or hardware that’s letting us down, it’s us.
The best, best practices
It’s fairly evident that further (or at least some) cybersecurity training is needed to restore balance to the force. But what’s the best way to achieve this? Unfortunately, there is no blanket approach to cybersecurity education and not everyone in your organisation represents a priority target or has access to the same systems and information.
Instead, begin with the basics: what does everyone need to know that could improve the security of your organisation? At the very least, you should start with commonly accepted cybersecurity best practices, including good password discipline, how to recognise phishing emails, and why multi-factor authentication is important. It’s important not to just focus on the ‘hows’ and ‘whats’ either. Be sure to explain the ‘whys’ so that staff fully understand the importance of these best practices and are motivated to follow them.
For many employees a job is just a job, and they don’t want to feel as though they’re being asked to do anything extra. But if you make this a part of company culture and teach them that it ultimately makes it easier to do their work, they may be more inclined to take the advice on board.
Crucially, cybersecurity best practices and education should be a ‘lead by example’ endeavour. The board should take an active interest in cybersecurity and in ensuring that policies are adhered to throughout the rest of the organisation. From the top down, all it takes is one person to open a phishing email and everyone could be in danger, so this is a collective responsibility issue and senior executives need to play their part too.
Advice is your strongest weapon
Education around cybersecurity is the cornerstone of any strong defence, and has the potential to reduce the biggest cause of security incidents in business: human error. But don’t get complacent. Education isn’t everything, and there is still plenty to consider when reviewing your security. New developments such as cloud infrastructure and remote working are becoming more ubiquitous, and each comes with challenges of its own that will need to be addressed in time.
For now, the simplest and most effective method to give your organisation the edge over cyberthreats is to ensure that everyone understands the risks and what actions they need to take in order to mitigate them. While this doesn’t solve the problem of hackers and malicious actors altogether, it’s a vital (and relatively easy) step to close obvious gaps in your cybersecurity. These simple changes could prevent your organisation from becoming yet another damning statistic.
For an in-depth look at what you can do to ensure your business is secure in the face of the growing cyberthreat, be sure to read our whitepaper ‘Secure by Design: A Roadmap to Cybersecurity Success’.
In our collection of whitepapers, Cyberfort’s cyber consulting experts explore issues from cyber threat intelligence to incident planning and data security. Read our whitepapers to help make informed decisions for the benefit of your business.