The benefits of Cyber Security training and the Human Firewall
What is Cyber Security?
Cyber Security is fundamentally about protecting your data from any unauthorised online access.
In essence, Cyber Security brings about technologies, processes and controls designed to protect systems, networks and data from Cyber-Attacks. Effective Cyber Security reduces the risk of Cyber-Attacks and protects the organisation against the unauthorised exploitation of systems, networks and technologies.
Why is Cyber Security important?
Some quick facts:
- Data breaches exposed 4.1 billion records in the first half of 2019.
- 62% of businesses experienced phishing and social engineering attacks in 2018.
- £27BN is the estimated cost of cyber-crime in the UK.
- $3.9 million is the average cost of a data breach.
- The cost of lost business averaged $1.42 million.
What is the Human Firewall?
Did you know that 91% of all successful data breaches started with a phishing attack?
The human being is the single biggest point of failure on a computer network. The actions of a human logged on to the network with a valid set of credentials are impossible to control with technology.
So if you lose or give away your logon credentials, people will be able to impersonate you.
Cyber Security is everyone’s responsibility
Your people are your strongest line of defence, or your weakness link.
Empowering your employees to recognise common cyber threats is key to your organisation’s online security. Our Cyber Security awareness training teaches your staff to understand vulnerabilities and threats to business operations. As a result, your employees will have the awareness of their responsibilities and accountabilities for Cyber Security at work.
Types of attack
Phishing
Phishing is where criminals attempt to deceptively steal your information, primarily through emails or pop-up windows. They are largely indiscriminate and anonymous.
Those who do reply to the emails, or click the pop-up links are likely to receive further attacks. Their information may also be kept by the attacker for future use, or to sell to others. For instance, clicking links or opening attachments will at best direct you to a marketing site. It might reset your browser homepage or search engine. At worst, it will install malware onto your device.
Spear Phishing
Spear phishing involves directly targeting a victim of attack by using information found about the victim online – usually via social media profiles. Using this information, attackers can present themselves as friends in need, or businesses with topics you may be interested in.
Moreover, attackers can increase pressure with an urgent request such as a software upgrade for a new device you’ve recently purchased and showed off online.
Social Engineering
Not all Cyber-Crime is committed via emails or websites. Social engineering is where criminals con users into revealing sensitive information and granting access to secure areas by manipulating (or “engineering” behaviours). Therefore, it is designed to elicit information directly, or to use for further attacks and can be committed face to face, by a computer, or by phone.
What happens if a Cyber-Attack is successful?
- Your click introduces malware, keyloggers, remote access software and ransomware to your systems
- Your systems will be compromised, disrupting the business
- Your data or business data will be for sale on the dark web
- You or the business will be defrauded
- You may be fined for breaches of personal data
- You suffer reputational damage
- You will lose business
Case studies
Motorists were targeted with a new DVLA phishing scam
In this scam fraudsters sent out text messages that appeared to come from the DVLA informing the recipient that they were due a refund for an overpayment on their account.
Damages from a ransomware attack on Norsk Hydro reached as high as $40M
Norsk Hydro, a Norwegian Aluminium company, lost as much as $40.6 million since it was attacked by LockerGoga ransomware in March 2019.
How we can help with Cyber Security awareness training
If you’re interested in finding out how we can help your organisation train your employees in Cyber Security awareness, get in touch today. You can reach us through our contact form, or email us at info@infoaware.com.
Alternatively, take a look at our Cyber Security Off-the-Shelf training page for more information.
