Cyber Awareness Month - Lack of cyber awareness training is the weakest link in security strategies - not employees
With human error consistently revealed as the cause or catalyst in 85% [i]of cyber security breaches, company employees often get the wrap for being at fault or labelled as “the weakest link”.
Be an Anonymous Angel, donate HERE
Rather than blaming employees for doing something they shouldn’t, companies should consider the quality of cyber security education employees are getting and question if it is changing behaviour. Cyber awareness training that is effective at changing behaviour can reduce organisations’ risk of cyber threats by 70%. This is according to Isabel Adams, People Enablement Director, at AVeS Cyber Security.
“It’s fair to say that there’s a human element in most cyber breaches. But it is not fair to leverage the blame entirely on users. The quality of cyber education, or lack thereof, is to largely blame. A lot of the time, company users unknowingly expose company networks and data when they use unauthorised apps, browse malicious websites, click on unsafe links in emails, respond to phishing emails, or share information on social media. However, if they were trained well enough to truly understand how they are vulnerable and avoid the behaviours that could put them at risk, they wouldn’t have done it.”
Be an Anonymous Angel, donate HERE
Cyber awareness training tends to stop at awareness rather than working to change risky behaviours and instil a culture of cyber safety. Because cybercriminals are using emotional tactics and innovative vector attack methods, even with the most advanced and effective cyber security technology interventions in place, and some level of awareness training, the human element will remain a threat if there is no behavioural change. This can only happen with true understanding.
Adams says it’s important to bring it home that cyber safety and using internet resources and social media responsibly is not only about protecting company information and digital assets. It’s about protecting people too. Helping people understand that individuals are also targets of cyberattacks empowers them to instil responsible, cybercrime-wise behaviours to protect their own social media profiles, bank accounts and identities.
Be an Anonymous Angel, donate HERE
“Cyber awareness training can’t be an information dump of overwhelming content. It must be personal and relatable, or it will remain adversarial and the disconnect between awareness and behavioural change will prevail,”
stresses Adams.
Awareness and applying critical thinking are the basics of cyber awareness. Knowing what phishing is and how to identify a fraudulent email, or knowing that login credentials shouldn’t be shared, are foundational topics upon which cyber-safe behaviours can be built.
Many companies have yet to get these basics in place. Cyber security awareness starts and ends with a poster on a wall or a list of security policies circulated by email. In these scenarios, employees might have some awareness and know there are processes and policies to follow but they don’t understand why, what to do, or how their actions could impact the company or them as individuals.
Be an Anonymous Angel, donate HERE
Human error happens in several ways when there is a low perception of risks and roles. Skill-based errors happen when employees haven’t been shown the skills to identify scams or how not to respond to them. Other errors occur due to poor decision-making because they don’t understand the risks.
Cybercriminals go to great lengths to mask their scams and affect their attacks. They use inventive social engineering techniques to appeal to human emotions and trick people into giving away sensitive information, such as passwords and credit card numbers. Phishing is no longer an email-only problem. It happens on social media, through phone calls, called vishing (the fraudulent practice of pretending to be from reputable companies to get people to reveal personal information), and through SMS, to name just a few.
“It’s easier for cybercriminals to ‘hack’ a human compared to attempting to break through technology. They’re efficient at gathering data on their targets. By combing through employees’ public social media profiles, they collect valuable data on a person’s interests, jobs and activities. Every social media post and photo may contain important data that threat actors could use for social engineering."
Be an Anonymous Angel, donate HERE
“Employees not only need to be aware of these tactics, but they also need to know how to guard their emotions and understand what actions to take or not to take. It goes back to behaviour and changing that which makes companies and people vulnerable. The mere fact that you received a phishing email is not sinister. It’s what you choose to do with it that’s potentially dangerous.”
Be an Anonymous Angel, donate HERE
Adams concludes by saying that inculcating a cyber security culture can create a stronger defence against cyber threats than the most robust technologies or any single policy or procedure.
“Invest in proper training and embrace cyber security as a core business and personal value.”
Advertise HERE
October is Security Awareness Month, and AVeS Cyber Security will be hosting three one-hour cyber security awareness webinars, free of charge on 4 October at 10h00, 12 October at 10h00 and 19 October at 14h00.
|
iloveza.com is an award-winning Digital Media, Marketing, and Advertising Company (with Influence) est. 2015, with a global reach of over 1 million
E-mail howzit@iloveza.com to take your brand/business to the next level Like What You've Read ? Be an Anonymous Angel
CLICK HERE for the latest Tech News
CLICK HERE for the latest News & Trends
Follow @letstorqueza
Keep up to date with all that is happening in South Africa
with iloveza.com
Subscribe to our Newsletter
Subscribe to our Weekly Digital Advert Only Pamphlet
Follow @ilovezacom on
#iloveza❤️🇿🇦 #AfterFajrGrind
iloveza.com Accolades: 2021 Winner of Brand South Africa's Nation Pride Play Your Part Award 2018 Winner of Tech Savvy Boss Award at the Roshgold Young Business Achiever Award
Nabihah Plaatjes Accolades: 2018 Contributing Author to SAFFRON: A Collection of Personal Narratives 2017 Recipient of Owami Women & Brand South Africa's Play Your Part Award Ziyaad Plaatjes Accolades: 2021 Mail & Guardian Top 200 Young South Africans: Arts, Entertainment, Film & Media 2020 Contributing Author to There's a Story in Everyone |
