Help Net Security Discusses How Passive Cybersecurity Awareness Training Might Not Be Enough Anymore

An article on Help Net Security claims that the era of passive cybersecurity training is over. It discusses how, despite people realising the need for improved cybersecurity, there are still vulnerabilities that leave businesses exposed to cyber threats.

That claim is based on the key findings of a survey conducted by Action1, which are presented here:

Breaches Due to Known Vulnerabilities

The survey found that 10% of the respondents had suffered a cyber attack in the past year. Of those, 47% were attacked through known security vulnerabilities.

49% of the respondents said phishing was the most common attack vector, and over half (54%) reported they lost control of their data due to ransomware attacks.

Lack of Support from Executive Teams

Several IT teams reported that they didn’t receive adequate support for cybersecurity initiatives from upper management. That, according to them, has been a critical threat to the business’s cybersecurity posture.

The teams also reported that they were often too busy with operational issues to adequately take care of cybersecurity.

Inadequate Response Time and Remediation Efforts

According to the respondents, the time taken to identify vulnerabilities, the failure to prioritise security issues, and the delays in remediating known vulnerabilities might cost their companies in the form of security breaches.

Not Enough Cybersecurity Awareness Amongst Employees

The survey reported that employees need more time to improve their cybersecurity awareness. That means organisations are more at risk from phishing and other cyber attacks.

Based on these findings, what can businesses do to reduce their risk of cyber threats?

Manage Security Vulnerabilities Better

Since known vulnerabilities are often the ones exploited by threat actors, it is essential for businesses to manage and patch these flaws as soon as possible.

Use Automation to Reduce Cybersecurity Costs

Executive teams might not see any direct benefits of spending on cybersecurity, even though a cyber attack can end up costing the business a lot. However, IT security teams can use automation to lower their costs. This can be useful in arguing their case for a stronger cybersecurity posture.

Improving Cybersecurity Awareness

Since any cybersecurity strategy is only as strong as its weakest link—the employees—it is imperative that they are educated on the threats they might face and how to tackle them.

Communication channels are the preferred mode of social engineering attacks. Data stolen from other sources can be used to customise messages to make them more personalised and appear trustworthy.

With such attacks on the rise, employees should not only be equipped to identify phishing attacks but also understand the importance of verifying before trusting.

Moreover, threat actors are now also using AI to generate malware, which, depending on how it’s used, might be more sophisticated than the average, run-of-the-mill computer virus.

In other words, businesses need to reduce their reliance on passive cybersecurity training.

Luckily, instead of a six-hour training session, which will be forgotten within the week, there are tools to help with ongoing training and monitoring. One such tool is CultureAI—a platform that helps “improve cybersecurity behaviours and reduce security incidents caused by employees”. 

The platform offers human risk monitoring, security awareness coaching, employee security empowerment, and human risk response.

This platform can help alleviate some of the problems faced by businesses, such as poor cybersecurity awareness among employees, lack of knowledge on how to deal with potential risks, and uncertainty about what to do when an employee is at risk.