Cyber security awareness is an essential part of something that can be considered equivalent to the vault that has all your valuables in it. It is extremely vulnerable and requires attention. Since the last decade, cyber-criminals have shifted their focus from individuals to employees within organizations. These attacks have cost billions of dollars in thousands of reported cases. Some of the most infamous cases include:
In 2013, Target became the victim of a third-party credit card data breach in which the vendor extracted the credentials outside of an appropriate use-case. The attackers leveraged the weakness present in the payment system of Target to access customer base and then install the malware. The attackers stole the personal information of customers including customer name, payment card details, credit card verification code etc.
In 2011, two groups of hackers launched a phishing attack on the employees of RS the security arm of EMC. These two groups had the support of the foreign government. This phishing attack compromised the SecureID authentication and extracted more than 40 million employee records.
These cases set a clear example of how mere negligence can destroy an entire organization.
What do reports say about such cases?
As per the report released by Kaspersky Lab, negligence of employees is the cause of almost half of all the cyber-attacks and two-thirds of the data breaches. 24% of the employees within the organization are not aware of the security policy that their own organization have. In the same research, 44% of the companies admitted that employees do not follow IT security policies properly. During the year 2017, 35% of organizations focused on staff training and it was the second most adopted approach to facilitate cyber security awareness.
- An online marketing firm, Reboot, in 67% of the cyber attacks, attackers have more often targeted lower-level employees.
- Cyber security ventures have predicted that by the year 2021, the cyber cost will cost $6 trillion globally. 42% of the large organizations and companies have accepted that they have been the victim of phishing attacks.
- According to Symantec’s 2018 Internet Security Threat Report, 88% of all the attacks use emails with malicious attachments that have been downloaded by employees that resulted in a breach of server, device or network.
- Watchdog says 72% of data breach attacks occur through email in organizations that have less than 100 employees.
How can organizations create cyber security awareness among employees?
- These statistics are not just numbers but, have a very concerning relevance. This clearly justifies the age-old idiom of humans being the weakest link in the information security chain.
- Organizations should focus on cyber security awareness among employees in order to prevent them against cyber-attacks.
- Restricting access to confidential data and information can lessen the probability of the success of cyber-attack due to employee negligence.
- Implement policies related to cyber security within the organization. It will be an add-on to the cyber security of the organization’s infrastructure.
However, one of the most effective strategies for increasing cyber security awareness is training employees. Cyber security awareness ensures that employees are ready to face cyber-attacks in real life. Cyber security companies like Kratikal help organizations in developing an immune system in employees against such attacks through their flagship product, ThreatCop. The tool ensures that employees have knowledge about the different type of cyber-attacks and various forms in which attackers deploy cyber attacks.