Cyber security can be considered equivalent to the vault that holds all your valuables. It is extremely important and requires attention. Over the last decade, cyber-criminals have shifted their focus from individuals to employees within organizations. Thousands of cases have been reported, amounting to losses worth billions of dollars. Some of the most infamous cases include:
In 2013, Target became the victim of a third-party credit card data breach where the vendor extracted the credentials outside of an appropriate use-case. The attackers leveraged a weakness in Target's payment system to access the customer base and then install malware. The attackers stole customers' personal information, including customer names, payment card details, credit card verification codes, etc.
In 2011, two groups of hackers launched a phishing attack on the employees of RSA, the security arm of EMC. These two groups had the support of a foreign government. The employees fell prey to the phishing attack, which compromised SecurID authentication and extracted more than 40 million employee records.
These cases set a clear example of how mere negligence can destroy an entire organization.
What do reports say about such cases?
According to a report released by Kaspersky Lab, almost half of all cyber-attacks and two-thirds of data breaches are caused by employee negligence. 24% of employees are not aware of their own organization's security policy. In the same research, 44% of companies admitted that employees do not follow IT security policies properly. In 2017, staff training was revealed to be the second most adopted approach to ensuring cyber security, at 35%.
An online marketing firm, Reboot, claims that 67% of cyber-attacks are directed at lower-level employees.
Cybersecurity Ventures has predicted that by 2021, cybercrime will cost $6 trillion globally. 42% of large organizations and companies have admitted that they have been the victim of a phishing attack. According to Symantec’s 2018 Internet Security Threat Report, 88% of all attacks use emails with malicious attachments that employees download, resulting in a breach of a server, device or network. Watchdog says 72% of breaches due to email occur in organizations with fewer than 100 employees.
How can organizations create cyber awareness among employees?
These statistics are not just numbers; they have very concerning relevance. They clearly justify the age-old idiom that humans are the weakest link in the information security chain. It is, therefore, mandatory to strengthen this link to prevent it from being exploited by attackers. Restricting access to confidential data and information can lessen the probability of a cyber-attack succeeding due to employee negligence. Implementing cyber security policies within the organization adds to the security of the organization’s infrastructure. However, one of the most effective strategies is training employees.
Organizations should ensure that employees are ready to face cyber-attacks in real life. Cyber security companies like Kratikal help organizations develop an immune system in employees against such attacks through their flagship product, ThreatCop. This is a cyber-attack simulator and awareness tool that helps employees learn about the different types of cyber-attacks and the different forms in which these attacks can be deployed against them.