From NSBA's Corporate Partner, ESET.
Research reveals that 74% of data breaches analyzed in 2023 involved a “human element”.[1] It’s an inescapable fact of modern cyber threats that employees represent a top target for attack. But give them the knowledge needed to spot the warning signs of an attack, and to understand when they may be putting sensitive data at risk, and there’s a huge opportunity to advance risk mitigation efforts.
What is security awareness training?
Awareness training is perhaps not the best moniker for what IT and security leaders want to achieve in their programs. The goal is to change behaviors through improved education about where the key cyber-risks lie and what simple best practices can be learned to mitigate them. It’s a formalized process that should ideally cover a range of topic areas and techniques to empower employees to make the right decisions. As such, it can be viewed as a foundational pillar for organizations wanting to create a security-by-design corporate culture.
Why is security awareness training necessary?
Like any kind of training program, the idea is to enhance the skills of the individual to make them a better employee. In this case, improving their security awareness will reduce the risk of a potentially damaging security breach.
Corporate users sit at the beating heart of any organization, and if they can be hacked, then so too can the organization.
Several trends highlight the urgent need for security awareness training programs:
Passwords: Static credentials have been around for as long as computer systems and they remain the most popular method of user authentication. The challenge is that they’re also a huge target for hackers. Poor password practices open the door to hackers.
The cybercrime economy: Today's threat actors have a complex and sophisticated underground network of dark websites through which to buy and sell data and services – everything from bulletproof hosting to ransomware-as-a-service. It’s said to be worth trillions. This “professionalization” of the cybercrime industry has naturally led threat actors to focus their efforts where the return on investment is highest. In many cases, that means targeting users themselves: corporate employees and consumers.
Hybrid working: Home workers are thought to be more likely to click on phishing links and engage in risky behavior such as using work devices for personal use. As such, the emergence of a new era of hybrid working has opened the door for attackers to target corporate users when they’re at their most vulnerable. That’s not to mention the fact that home networks and computers may be less well protected than their office-based equivalents.
Why does training matter?
Ultimately, a serious security breach, whether resulting from a third-party attack or an accidental data disclosure, could result in major financial and reputational damage.