How to Make Cybersecurity 95% More Effective

Cybercrime is on pace to cost the world $6 trillion by 2021. Effective employee training can help reduce the chance of your company sustaining a damaging cybersecurity breach—because human error is responsible for 95% of cybersecurity breaches! Let’s look briefly at the scope of cybercrime, how cybersecurity solutions can fail, and what you can do to prevent many of those failures and protect your company.

The Scope of Cybercrime

With everything from watches to fridges becoming “smart devices,” there are expected to be 20.4 billion connected devices sharing endless information by 2020. This level of connectivity and information sharing has led to an exponential increase in opportunities for cybercriminals.

With organizations collecting, processing, and storing extraordinary amounts of sensitive data, protecting that data and the systems that hold it is crucial. IBM Chairman, President and CEO Ginni Rometty says, “Cybercrime is the greatest threat to every company in the world.” Additionally, legendary business magnate and investor Warren Buffett has warned that cyberattacks are a threat on par with nuclear, biological, and chemical weapons.

Organizations have committed vast resources to act on these warnings. The U.S. Government plans to spend $15 billion on cybersecurity in 2019 ($583 million over 2018). Global Market Insights estimates that the cybersecurity industry will reach $300 billion by 2024. That scale of resource allocation is commensurate with the increase in cybercrime. In the last five years, financial losses from cyberattacks rose 62% and high-profile attacks have made chilling headlines.

How Cybersecurity Solutions Fail

Cybersecurity includes techniques for protecting computers, networks, programs, and data from unauthorized access or exploitative attacks. Organizations are typically quick to spend their cybersecurity budget on antivirus and anti-spyware software, firewalls, VPNs, cybersecurity engineers, intrusion prevention systems, and other network and system security. While these are crucial to a secure network, they leave out an important variable—the user.

A shocking 95% of all data breaches are caused by human error. This human error is increasingly driven by social engineering, a technique that takes advantage of humanity’s trusting nature to successfully coerce people into revealing sensitive information or clicking on malicious links.

Cyberattacks primarily occur when an employee is fooled by a type of social engineering called phishing. Phishing is the fraudulent practice of sending emails, texts, or social media messages with the intent to get individuals to reveal sensitive information or click a link that can infect their system.

Imagine building a wall with state-of-the-art defenses and maintaining it with painstaking detail. You might think that all those defenses will protect you from any intruder and will keep you safe. However, if someone is not trained properly and leaves the gate open, opens the gate for a stranger, or makes the code for the gate “1234,” all your other security efforts become ineffective as the intruder simply walks through your front door. Without users’ awareness and understanding of best practices in cyber literacy, any threat mitigation tool or firewall is rendered useless. Yet an often-overlooked aspect of an organization’s cybersecurity solution is training.

How Training Can Protect Your Company

Understanding cybersecurity policies, threats, and best practices is critical for every person in every business in every industry. By providing advanced and continuous cybersecurity training and education to every employee, you are efficiently investing in your company’s protection against cyberthreats.

Companies often require annual training, but the awareness boost quickly wears off—not to mention that cybercriminals are constantly developing new social engineering strategies. So how can you ensure that cybersecurity best practices stay top of mind? Comcast came to Mind & Media with the same question. Together with Comcast, we developed a strategic and innovative training solution that keeps employees regularly engaged and refreshed on cybersecurity and communicates Comcast’s policies in a way that is easily digestible and retainable. Our solution is a one-minute training game (a strategy often referred to as gamification). Employees answer a cybersecurity question once a day for the opportunity to score points. Individual and team scores are accrued and displayed on a company-wide leaderboard—making the training fun, competitive, and engaging.

 

In summary, cybercrime is one of the biggest threats to companies large or small and training employees is critical to ensuring they don’t “leave the gate open” to cybercriminals and render your tangible defenses useless. Mind & Media can help you develop a cybersecurity training plan that works for your organization. We would love to discuss other training solutions we have developed and how we can help prevent your organization from being the next victim of cybercrime. Contact us!