Human Element in Cyber Security


Stephen Fowler, Director of Technologies

Stephen writes about the human element in cyber security. If you would like to talk about your own cyber security needs, please email him at


The human element of cyber security has never been more prevalent. According to Verizon's recently released 2022 Data Breach Investigations Report, 82% of breaches involved the "Human Element", which includes social attacks, phishing and credential theft; that is almost double the number found in 2020.

So, what resonates with customers today? We see the vast majority of customers moving to continuous, high-quality security awareness training that is fully flexible and fits the business's requirements from a compliance perspective. Most importantly, a flexible approach is needed in order to suit the employee, who often finds frequent, short training more valuable than formal workplace training.

And it is not only the FTSE 250 companies and large enterprises, which we assume are the targets of phishing and ransomware because they have many employees and distributed environments. You and I may be waiting for the next high-profile breach and the ensuing reputational damage, fines and so on. But why would an attacker go after those organisations? They have the most sophisticated cyber defences available.

Small and medium-sized businesses (SMBs) are arguably an easier target, and there are a lot more of them to target. Recent studies have suggested that 30% of SMBs have no written incident response plan for responding to an attack, and only a third of the plans that do exist were tested in the last six months. 34% do not test employees for susceptibility to phishing, which can lead to ransomware being downloaded or access being inadvertently granted to an attacker. 75% say they would survive only three to seven days after a ransomware attack, 28% would survive only 7 days, and 21% of SMBs have no offline backups, whilst 34% of SMBs do not run phishing tests on employees to prevent such attacks, something that can be easily addressed with social engineering and security awareness training.

My take on security awareness: if you are fortunate enough to be an employer or employee who supports and benefits from security awareness training, it is likely you will share this knowledge with family and friends. After all, it is not just in the workplace that we need to be security aware. So the benefits of continuous training are widespread as more and more digital exposure surfaces, with ever more reliance on the online world, of which the attackers are all too aware and keen to exploit.

Finally, a comment from John Edwards, appointed as UK Security Commissioner in January this year:

“My office has seen a 19% rise in reports of cybersecurity incidents involving people’s personal data over the past two years. Our experience is that many of the issues are preventable and getting the basics right is the first step.

“It’s not a question of do it once and forget about it. It’s about creating a culture of vigilance. Our stats show that a growing number of cyber-attacks come from phishing, with emails looking to trick or persuade staff to share usernames and passwords. Measures such as multi-factor authentication help here, but up-to-date staff training is essential to spot and report phishing attempts.

“Cybersecurity can seem intimidating, but it doesn’t have to be. There’s a wealth of advice available including our practical guide to keeping your IT systems safe and secure as well as information from the National Cyber Security Centre and the Cyber Essentials campaign.”

If you want to know more about how you could secure your business, get in touch with one of our cyber security consultants or contact Stephen Fowler.
