Every day there is a new data breach report and, before the start of the Covid-19 pandemic, cyber attacks were rampant, even the largest conglomerates like GE have had their defenses broken in recent months.
Now that organizations are forced to quickly adopt remote working practices as the norm, cybercriminals are rubbing their hands with joy. Employees working on an internal network were already a soft target for cybercriminals. After all, over 90% of all data breaches are caused by human errors, poorly trained in cybersecurity risks and potential threats. And now, companies with a remote workforce are even more vulnerable. With employees in the wild, cybercriminals are betting on the gold rush that accompanies the virtual Wild West.
The need for cybersecurity training
The problem is that, as many besieged computer scientists will tell you, even the best technical solutions in the world alone cannot secure your IT infrastructure. An employee's single click away from a phishing email can bring down even the most sophisticated and technically robust system. Hard-working IT departments will agree that one of their biggest challenges is helping network users understand the risks, what a cyber attack looks like, and what to do in the event of an attack. This is where organizations today need to turn this problem into a solution: make their staff the greatest security asset they have on the network by training and educating them in cybersecurity, literally while on the job and critically not only on a training schedule, and supporting them as they face these threats in real time. This effectively builds the “human firewall”.
The most common vulnerabilities start with Business Email Compromise (BEC) and Email Account Compromise (EAC), where the attacks have cost organizations more than $ 26 billion worldwide since 2016 (reported by the FBI). In fact, the FBI has just reported an increase in Covid-19-related BEC fraud with criminals using the virus as an excuse to reprogram or change payments or make other business changes to steal money and data . The main culprits come in the form of phishing e-mails which seem to come from familiar or reliable sources. Criminals Get More Sophisticated When They Use The Psychology Of The Moment By Exploiting The Circumstances, Passing Off As Trusted CEOs And Advisors And Cheating Even The Most Security-conscious Employees In Well-Executed And Targeted Attacks .
Most companies recognize that employee training is essential, and for cybersecurity issues, the business mindset is changing and companies are now treating cybersecurity not only as an IT problem but as a real business problem.
Cybersecurity education and training, even on site, takes time and effort: planning and scheduling training takes time and can be like herds of cats and you just can't respond to those who do not attend a session. Employees come and go and it is difficult to assess the level of knowledge in a changing workforce.
Build your human firewall
Today, it is important to recognize that with the evolution of work practices – such as remote work – training must also evolve – in particular with cybersecurity awareness training. Previous approaches such as scheduled training or random simulated phishing attacks are a good first step but do not completely solve the problem. Cybercriminals are always one step ahead. It is therefore essential to revise any existing training methodology and, in most cases, it needs to go further. Staying with the same methodologies will lead to the same net result: a compromised network.
Cybersecurity training must be part of the basic security set up on any network: every computer, every communication device is an open door for a criminal and at all times, ignorant employees do not just open the door – they involuntarily support it. and invite them. Every employee in an organization, large or small, needs to be trained in cybersecurity on how to identify and respond to risks.
The basics remain: employee manuals and company policies need to be adapted, in easy-to-understand, impactful and digestible messages to ensure that employees take cyber threats seriously. Training should be implemented horizontally and vertically. Cybercriminals don't care what level of employee they target or what department they work in.
Last but not least, especially with a remote workforce, training must be continuous and it must be in real time: this is crucial and key to best security practices. Cyber attack simulations should run automatically and monitor how the remote employee responds with simultaneous vulnerability alerts. Better networks allow employees to automatically alert IT to any strange or suspicious activity at the touch of a button, quarantining an attack. Taking action like these creates the foundation for a culture of cybersecurity within an organization and, ultimately, the “human firewall”. It is also easier than you might think to implement and deploy it with minimal resource overhead.
The bottom line – the human firewall is the fastest and most effective protection for any business – especially now that employees are spread across multiple locations and geographic areas. All organizations must recognize cybersecurity as a real business risk exacerbated by the presence of a remote workforce.
Investing in your employees
As we have seen in recent events, reducing short-term costs is a long-term loss. Real-time cybersecurity awareness training is inexpensive compared to the huge budgets invested in enterprise software solutions. Research has shown that the cost per employee is 44% cheaper using a real-time automated training platform, as opposed to scheduled training programs. The intervention provides immediate reactive training in employee behavior, thereby eliminating the time and cost of risk assessment and corrective action through scheduled training and continued staff completion. It is also fully automated in multiple languages, integrates easily with existing sophisticated network security installations, can be deployed quickly and transparently and maximizes the return on investment of the overall network security investment.
There is really no excuse, especially when you take into account the reduction in administrative costs. Businesses cannot cut corners on security, especially when the workforce is so fragmented and attacks are becoming more sophisticated. Give your employees an awareness of cyber risk and make it your first line of defense!