It’s fitting that National Cybersecurity Awareness Month is in October—it may be vampires and zombies that spook us on neighborhood streets, but when it comes to cybersecurity, it’s the things we don’t know that can be the scariest. Never fear, cybersecurity professionals are working as the good guys—the knights in shining armor, the superheroes—attempting to prevent and combat the villainous schemes of the malicious attackers, who represent the metaphorical ghosts and ghouls trying to abduct and steal our information. But make no mistake, being one of the good guys can often be difficult; as the saying goes, “the hardest thing to do is usually the right thing to do.” Because it is imperative to adapt to the innovation of evildoers seeking new ways around established defenses, the good guys must always be on their toes, anticipating the next jump scare.
Here are some spooky cybersecurity statistics to haunt you:
- Nearly 230,000 malware samples are created each day by hackers. (SC Magazine)
- It is estimated that hackers attack every 39 seconds. (University of Maryland)
- The average cost of a data breach will exceed $150 million in 2020. (Juniper Research)
- The majority of cybersecurity attacks are a result of human error. (Verizon 2019 Data Breach Investigations Report)
- According to a 2018 study, it took companies an average of 197 days to identify a data breach. (Ponemon Institute)
- By 2021 there will be an estimated 3.5 million unfilled cybersecurity jobs. (Cybersecurity Ventures)
Given how scary those points are, it’s unfortunate that we can’t just wake up from our nightmare, put down our book, or simply turn off the horror film to escape these cyber goblins. However, hope isn’t lost—just as Captain America has his shield and Tony Stark uses his genius, organizations need to equip themselves with tools, utilities, and, most importantly, employee education in preparation against the evil villains of the Internet world. While it’s still true that human error remains one of the biggest threats against security, employees can also serve as the biggest assets in identifying and reporting incidents in a timely manner—they just have to know what to look for while going about their work. The better an organization’s security training and awareness, the higher the number of reported incidents should be among its employees, and the smaller the risk of breach.
To determine what should be included in an organization’s training and awareness activities, one may evaluate applicable information from privacy and security policies before aligning the security training objectives with the firm’s mission and business objectives. For additional information on structuring a security awareness program for your organization, refer to our blog article from Avani Desai, “Building a Security Program to Fit Your Enterprise.”
To help mitigate the nightmare risk of human error, it’s advantageous to educate your employees on the range of social engineering techniques, which include but are not limited to phishing, pretexting, and baiting.
We’re all familiar with phishing attacks, whether they are presented through website ads or directly sent to your e-mail inbox. According to Phishing.org, the term dates back to 1996, yet the attack is still a common threat with an elevated likelihood. Click on the wrong link at any given time and suddenly the horror movie has manifested itself, putting your company on display as an example of the importance of cybersecurity, as well as the price paid when it isn’t in place. As such, employee education becomes all the more important, especially since the majority of cyber insurance policies focus on attacks from the outside and do not cover phishing attacks, which are triggered internally. While tools such as firewalls, intrusion detection and prevention systems, antivirus software and the like remain extremely important for full protection, education is likely the strongest strategy in combating these targeted phishing spells. In order to be as shielded as possible, organizations should confirm what their insurance policy covers while applying mitigation strategies related to cybersecurity risks.
Per a recent DataReportal report, 45% of the total world population uses social media networks. A Global Web Index report took it a step further and found that digital consumers spend over two hours a day either browsing social networks or using social messaging. That creates masses of opportunity for an individual to inappropriately share sensitive information and once it’s out there, it can be hidden but never deleted.
Therefore, be cognizant of what information is being released on public sites, including personally identifiable information (PII) such as addresses, account numbers, and birthdays.
Internet connectivity has established itself everywhere, and with that have come several conveniences; however, with exponential amounts of convenience come exponential amounts of responsibility. Whether you’re looking to keep your own information private or ensure confidential work information remains confidential, you can help minimize the risk of leaked or stolen data by doing the following:
- Educating your employees on how to spot phishing, baiting attempts and the like
- Leveraging industry standards such as NIST or SANS guidance, and referencing compliance requirements including PCI, ISO, and HIPAA, for industry best practices
- Enabling multi-factor authentication, including biometric varieties
- Encouraging the use of password management tools such as LastPass or KeePass
- Applying patches and security updates to computer software
For more tips on personal accountability and security, the National Initiative for Cybersecurity Careers and Studies (NICCS) is a great resource that offers good details on how individuals should be cognizant of internet use from both a personal and professional standpoint.
Quiz yourself with some cybersecurity awareness trivia, courtesy of NICCS.
About the Author: Collin Varner