
CYBERSECURITY AWARENESS: HOW REAL ARE CYBERSECURITY THREATS?

Proofpoint, a Californian enterprise security company, reported that in 2020 at least 53% of companies in the UK and Ireland suffered at least one cyberattack that impacted business operations. 14% experienced multiple attacks. Here are the main sources of the attacks:

  • 46% – Ransomware
  • 39% – Cloud account compromise
  • 33% – Insider threat
  • 30% – Phishing

WILL CYBERSECURITY THREATS CONTINUE?

Cybersecurity attacks are set to get worse – not better! 64% of small to medium-sized businesses surveyed in the UK have expressed their concern over being vulnerable to an attack in 2021. Larger organizations are more worried, with 89% of CSOs (Chief Security Officers) from companies with more than 2,500 employees predicting that an attack is imminent.

WHAT IS THE BIGGEST CYBERSECURITY RISK?

The answer is simple – we are! 55% of CSOs and CIOs in the UK are convinced that human error and lack of cybersecurity awareness pose the biggest threat to their business. Put simply, this means that through their ignorance, your employees are making costly mistakes – mistakes that result in IT downtime, damage your reputation, and cost you a lot of money. Here’s where employee-induced cyberattacks come from:

  • 43% – clicking on a malicious link or downloading a corrupt file
  • 39% – being a victim of a phishing email
  • 35% – intentional leaking of data
  • 35% – unauthorized use of devices and applications

HOW CYBERSECURITY AWARE ARE YOUR EMPLOYEES?

If you are a CSO or CIO, then you will have a high level of cybersecurity awareness. Unfortunately, that awareness doesn’t automatically filter down to the employees of your business, all of whom pose a significant cybersecurity risk. Many individuals think that they are immune to a cyberattack, with an “it’ll never happen to us” attitude. It does happen. Cybercriminals will leave no stone unturned to exploit your untrained or unaware employees.

HOW CAN I MAKE THIS RIGHT?

While there’s not much you can do about employees with malicious intent, you can take preventative action on how your human resources store, process, and transfer information. This is what the UK National Cyber Security Centre recommends for employee cybersecurity awareness and education:

  • Implement and enforce a user security policy.
  • Establish a staff induction process so that new employees, including contractors and third parties, are aware of their responsibility to comply with your security policies.
  • Provide and monitor ongoing refresher training on the security risks to your organisation.
  • Empower your staff to report badly managed security practices and nurture a culture of reporting security incidents.

A LAST WORD ON CYBERSECURITY AWARENESS

With the onset of the coronavirus pandemic, at least 24% of UK workers are working remotely. This gives you even less control over cybersecurity best practices. But you can take comfort in the words of Richard McClain, CEO of the technology training company INE:

“No one can guarantee the elimination of cyber threats, but a well-trained workforce can reduce the impact these types of attacks will have on a business.”
