In December, news reports revealed that foreign hackers breached the U.S. information technology firm SolarWinds. This allowed them to spy on numerous private and government agencies, including the Department of Homeland Security, for months. The origin of the attack may have been a weak password—solarwinds123—created by an intern in 2017, which would have been easy for hackers to guess. The high-profile attack put a spotlight on a problem that can no longer be ignored: most organizations are not prepared to deal with the growing threat of cyber crime.
If you think hiring cyber security experts alone is enough to deal with the problem, think again. Any worker in your organization is a potential backdoor for hackers to enter your network and access your organization’s private data. All it takes is for one employee to unknowingly download a malicious file in an email, or to create a weak password that’s easy for a hacker to guess, among other common blunders, for your organization to get infiltrated.
As Work Becomes More Remote, Employees are Even More Vulnerable to Cyber Security Attacks
Last year, during the COVID-19 pandemic, organizations across the world saw a two-third increase in ransomware and phishing attacks, according to the 2021 State of Phish annual report from Proof Point, an enterprise security company. Ransomware, a scheme in which hackers take control of your systems in exchange for money, are proliferating. Last year, two-thirds of organizations surveyed by Proof Point said their organization was victim of a ransomware attack. Over half of those chose to pay the ransom.
With more people working from home and using their own equipment and internet connection, there’s little doubt that the COVID-19 pandemic played a role in the increase of cyber security attacks. However, employees cannot be blamed for the problem. Most experts agree that in order for organizations to keep their networks and systems safe, they need to invest in regularly training their employees on how to recognize and prevent hacking attempts.
“Companies are quick to point fingers when it comes to data security,” Sai Venkataraman, co-founder and CEO of security awareness training firm SecurityAdvisor, told Infosecurity. “However, placing the blame on the employee is ineffective, and can deter them from self-reporting future incidents when they occur. While human actions account for the vast majority of all security incidents, organizations can benefit greatly from continually teaching employees about new cybersecurity threats and their role in protecting the organization.”
How Training Your Employees Creates a ‘Security Culture’
In 2020, over 90% of organizations in the UK asked or mandated their employees to work from home. Many groups successfully increased cyber security training for employees, with some providing cyber security training specifically for remote work. 80% reported that awareness training helped minimize phishing threats.
In order for these training programs to be effective and successful, organizations need to make them regular and recurring. However, repetitive, high-level security training for all employees is rare. While 64% of organizations provide formal training for workers, only 60% conduct training quarterly, and 36% of those only trained workers with specific job responsibilities or who worked in specific departments, according to the 2021 State of Phish annual report.
The most effective way to ensure your organization is secure is to make sure all employees are regularly trained on how to protect themselves from cyber security attacks.
“When you deliver this comprehensive, people-centric training regularly, you create a security culture,” Adenike Cosgrove, Cybersecurity Strategist at Proofpoint, wrote in Infosecurity. “A culture in which your people understand how simple behaviors can put your organization at risk. In which all users know how to prevent, detect and deter cyber-attacks. And in which best practice becomes standard practice.”
While cyber crime is almost certain to increase, organizations can protect themselves by investing in training for their employees. It’s also helpful to foster a security culture throughout their workforce.
Cyber Training Solution for Your Organization Offered by IEEE
It’s more critical than ever to find and keep the right people with the right skills to ensure your organization is safe from cyber attacks. It’s also critical to keep your existing team trained on the latest scenarios, threats, and tools. IEEE has partnered with ISACA to provide the Cybersecurity Nexus (CSX) Training Platform and CSX Cybersecurity Practitioner (CSX-P) certification to organizations, adding to its portfolio of training offered to professionals working to keep organizations secure from cyber attacks.
Learn how you can build critical technical cybersecurity skills with access to this affordable training solution.
Resources
Coker, James. (19 March 2021). Interview: Sai Venkataraman, Co-Founder and CEO, SecurityAdvisor. Infosecurity.
Cosgrove, Adenike. (17 March 2021).Why Employee Cyber-Awareness is Critical Every Day, Not Just During a Crisis. Infosecurity.
Canales, Katie and Jibilian, Isabella. (25 February 2021). Here’s a simple explanation of how the massive SolarWinds hack happened and why it’s such a big deal. Business Insider.
Sands, Geneva and Fung, Brian. (26 February 2021). Former SolarWinds CEO blames intern for ‘solarwinds123’ password leak. CNN.
2021 State of the Phish Annual Report. Proof Point.
Cyber security can boil down to common sense. If you are not actively online, you can power down your ethernet switch, which can be quickly re-powered when you need it.