There was an article on Help Net Security that claims that the era of passive cybersecurity training is over. The article discusses how, despite people realising the need for improved cybersecurity, there are still vulnerabilities that leave businesses exposed to cyber threats.
The aforementioned statement is based on the key findings of a survey conducted by Action1. These are presented here:
Breaches Due to Known Vulnerabilities
The survey found that 10% of the respondents had suffered from a cyber attack in the past year. And, out of them, 47% were through known security vulnerabilities.
49% of the respondents said phishing was the most common attack vector, and over half (54%) reported they lost control of their data due to ransomware attacks.
Lack of Support from Executive Teams
Several IT teams reported that they didn’t receive adequate support for cybersecurity initiatives from upper management. That, according to them, has been a critical threat to the business’s cybersecurity posture.
The teams also reported that they often were too busy with operational issues to be able to adequately take care of cybersecurity.
Inadequate Response Time and Remediation Efforts
According to the respondents, the time taken to identify vulnerabilities, failure to prioritise security issues, and the delays in remediating known vulnerabilities might cost their companies in security breaches.
Not Enough Cybersecurity Awareness Amongst Employees
The survey reported that employees need more time to improve their cybersecurity awareness. That means organisations are more at risk through phishing and other cyber attacks.
Based on these findings, what can businesses do to reduce their risk of cyber threats?
Manage Security Vulnerabilities Better
Since known vulnerabilities are often the ones exploited by threat actors, it is essential for businesses to manage and patch these flaws as soon as possible.
Use Automation to Reduce Cybersecurity Costs
Executive teams might not see any direct benefits of spending on cybersecurity, even though a cyber attack can end up costing the business a lot. However, IT security teams can use automation to lower their costs. This can be useful in arguing their case for a stronger cybersecurity posture.
Improving Cybersecurity Awareness
Since any cybersecurity strategy is only as strong as its weakest link—the employees—it is imperative that they are educated on the threats they might face and how to tackle them.
Communication channels are the preferred mode of social engineering attacks. Data stolen from other sources can be used to customise messages to make them more personalised and appear trustworthy.
With such attacks on the rise, employees should not only be equipped to identify phishing attacks but to also understand the importance of verifying before trusting.
Moreover, threat actors are now also using AI to generate malware, which, depending on how it’s used, might be more sophisticated than the average, run-of-the-mill computer virus.
In other words, businesses need to reduce their reliance on passive cybersecurity training.
Luckily, instead of a six-hour training session, which will be forgotten within the week, there are tools to help with ongoing training and monitoring. One such tool is CultureAI—a platform that helps “improve cybersecurity behaviours and reduce security incidents caused by employees”.
The platform offers human risk monitoring, security awareness coaching, employee security empowerment, and human risk response.
This platform can help alleviate some of the problems faced by businesses, such as poor cybersecurity awareness among employees, lack of knowledge on how to deal with potential risks, and what to do when an employee is at risk.
