The Benefits of Cyber Security Training: The Human Firewall
Cyber Security Training and Company Culture are key elements of a successful Cyber Security strategy. This is because most of an organisation's exposure to cyber insecurity comes from within. The Human Firewall is about raising employee awareness and incorporating best practices into every aspect of the business.
What is Cyber Security?
Cyber Security is fundamentally about protecting your data from any unauthorised online access.
In essence, Cyber Security comprises the technologies, processes and controls designed to protect systems, networks and data from Cyber-Attacks. Effective Cyber Security reduces the risk of Cyber-Attacks and protects the organisation against the unauthorised exploitation of systems, networks and technologies.
Why is Cyber Security Training important?
Some quick facts:
- Data breaches exposed 4.1 billion records in the first half of 2019.
- 62% of businesses experienced phishing and social engineering attacks in 2018.
- £27BN is the estimated cost of cyber-crime in the UK.
- $3.9 million is the average cost of a data breach.
- The cost of lost business averaged $1.42 million.
What is The Human Firewall?
Did you know that 91% of all successful data breaches started with a phishing attack? In 2018, just over a third (34%) of cyberattacks involved internal actors.
The human being is the single biggest point of failure on a computer network. Additionally, the actions of a human logged on to the network with a valid set of credentials are impossible to control with technology.
So if you lose or give away your logon credentials, people will be able to impersonate you.
Cyber Security is everyone’s responsibility
Your employees are your strongest line of defence, or your weakest link.
Empowering your employees to recognise common cyber threats is key to your organisation’s online security. Our Cyber Security Training teaches your staff to understand vulnerabilities and threats to business operations. As a result, your employees will be aware of their responsibilities for Cyber Security at work.
Types of Cyber Attacks
Phishing
Phishing is where criminals attempt to deceptively steal your information, primarily through emails or pop-up windows. These attacks are largely indiscriminate and anonymous.
Those who reply to the emails or click the pop-up links are likely to receive further attacks. Furthermore, their information may be kept by the attacker for future use, or sold to others. For instance, clicking links or opening attachments will at best direct you to a marketing site. It might reset your browser homepage or search engine. At worst, it will install malware onto your device.
Spear Phishing
Spear phishing involves directly targeting a specific victim by using information found about them online – usually via social media profiles. Using this information, attackers can present themselves as friends in need, or businesses with topics you may be interested in.
Moreover, attackers can increase pressure with an urgent request, such as a software upgrade for a new device you’ve recently purchased and shown off online.
Social Engineering
Not all Cyber-Crime is committed via emails or websites. Social engineering is where criminals con users into revealing sensitive information and granting access to secure areas by manipulating (or “engineering”) behaviours. It is designed to elicit information directly, or to gather information for use in further attacks, and can be committed face to face, via a computer, or by phone.
What happens if a Cyber-Attack is successful?
If a Cyber-Attack is successful you are likely to:
- Introduce malware, keyloggers, remote access software and ransomware to your systems
- Compromise your systems, disrupting the business
- Have your data or business data made available for sale on the dark web
- Be defrauded, personally or as a business
- Be fined for breaches of personal data
- Suffer reputational damage
- Lose business
Case studies
Motorists were targeted with a new DVLA phishing scam
In this scam, fraudsters sent out text messages that appeared to come from the DVLA, informing recipients that they were due a refund for an overpayment on their account.
Damages from a ransomware attack on Norsk Hydro reached as high as $40M
Norsk Hydro, a Norwegian aluminium company, lost as much as $40.6 million after it was attacked by LockerGoga ransomware in March 2019.
How we can help with Cyber Security Training
Get in touch if you’re interested in how we can help you with Cyber Security awareness training. You can reach us through our contact form, or email us at info@infoaware.com.
Alternatively, take a look at our Cyber Security Off-the-Shelf training page for more information.