Stephen LAccording to one recent study, the total number of malware infections taking place across just about every industry hasn’t just been on the rise over the last decade – they’re absolutely exploding.
There were approximately 12.4 million malware infections all the way back in 2009, for example. Flash forward to just a few years in 2013 and that number had already climbed to 165.81 million. Move ahead in time a few more years to 2018, and that number had risen to an incredible 812.67 million. Unfortunately, this is one trend that doesn’t really show any signs of slowing down anytime soon.
In an event to prevent themselves from becoming the target of these types of attacks, businesses in particular enact all sorts of different measures. They invest in proactive network scanning tools. They throw money at expensive antivirus and anti-malware solutions. They hire third party companies to come in and try to monitor things as best they can, hopefully in the name of preventing a small problem before it has a chance to become a much bigger one down the road.
All of these things are important, yes – but they’re also just smaller parts of a significantly larger story. Because the truth of the matter is, the most effective way to create a better cybersecurity infrastructure for your business – regardless of its size – is also, thankfully, the most straightforward. It involves prioritizing ongoing cybersecurity education and awareness training for users at all costs.
Why Continuing Education Matters
To get a better understanding of why this type of cybersecurity trying and education truly matters in a business environment, think about things in the context of something like a phishing attack.
One minute, an employee gets an email supposedly from a supervisor – the same type that they’ve received countless times before. They don’t think much of it – nor do they think much of the request to reply with the username and the password of a specific account. They do, and that’s exactly when disaster strikes – suddenly, a rogue actor with malicious intentions now has access to the account in question. If they have that information, they probably have enough to go even deeper into your network and at that point there really is no limit to the amount of damage that can be done.
Had that employee been trained on how to identify suspicious emails, the entire situation probably wouldn’t have happened. At the very least, they should have been trained on the idea that, if they get a suspicious request that doesn’t quite make sense, they should follow up with the individual in person. Even if the email supposedly came from a client, they should pick up the phone, give them a call and make sure that everything is legitimate.
Situations like these are exactly how easy it is to fall victim to these types of attacks. Luckily, they’re also indicative of how easy they are to avoid. According to another recent study, about 95% of successful cyber attacks are the direct result of something like a phishing scam. This makes sense, given the fact that the same source revealed that about 45% of employees receive absolutely no security training at all from their employers.
If you want someone to avoid a phishing email, you need to make sure they know exactly what one looks like. They need to be able to identify legitimate messages and separate them from illegitimate ones. They need to know not to click on suspicious links in messages from recipients they don’t know, or not to download attachments in emails that they didn’t expressly ask for. You can’t just assume that people have this knowledge – you have to provide it to them and you have to do it on an ongoing basis.
Another recent study revealed that security-related risks are reduced by literally 70% when organizations make even a modest investment in cybersecurity training and awareness. If you needed just a single statistic to outline how important this all is, let it be that one. In the end, it’s actually something of a misconception that you can prevent your business from becoming the target of a cyber attacker or some other type of rogue actor. You literally cannot be “too small” or “too insignificant” to attract attention. At this point, given the sheer nature of how these things operate, it’s no longer a matter of “if,” but “when.”
What you can do, however, is prevent your organization from becoming a victim – meaning that you can take meaningful steps to make sure those cyber attacks and intrusion attempts aren’t actually successful. That in and of itself makes the investment in ongoing cybersecurity training and education more than worth it.
Add comment