Last year, there were more than 25 major data breaches, including OPM, the IRS, Ashley Madison, Anthem, CVS, Walmart, and Scottrade. Business news was dominated by these events. But it occurs to me that I haven’t seen any news reports of major data breaches for the past several months. This concerns me, because I know the lack of news is not the result of a lack of attacks. If anything, 2016 is on track to exceed last year’s breach count.
We are, in fact, living with a new reality: major hacks are no longer news. This new reality is underlined by International Trends in Cybersecurity, published last month by one of our partners, CompTIA. (You can download the report at the linked page; registration is required.) The report was based on a survey of more than 1500 business and technology executives in 12 countries. It notes that nearly three-quarters of the organizations responding experienced at least one security incident. About 60% had one or more serious breaches. In other words, we now live in a world in which organizations are more likely than not to suffer breaches in a given year.
The report says that human error is almost twice as likely to be responsible for a security breach as technological error. This means there’s a great deal you can do to protect yourself and your business. You can train a team of experts to act as certified first responders, who will reduce your vulnerabilities, detect intrusions, and help protect your assets.
In addition, everyone in your organization should be familiar with the consequences of a data breach and the forms in which attacks generally come. Your employees need to know that any time a user allows a dubious connection, they don’t just risk their own security. They may be opening their device to criminals who will install malware on it and turn it into part of a botnet that preys on other users or mounts attacks on websites.
If you want to create a syllabus for an employee cybersecurity training class, start with the report’s “Top Sources of Human Cybersecurity Error.” There are six:
- General carelessness
- Failure to get up to speed on new threats
- Lack of expertise with websites and applications
- End user failure to follow policies and procedures
- Lack of expertise with networks, servers and other infrastructure
- IT staff failure to follow policies and procedures
While “general carelessness” and “IT staff failure to follow policies and procedures” sound like disciplinary problems, the other four would seem to be problems that can be remediated through training.
You don’t need to create a training program, however. Logical Operations has you covered. Our CyberSAFE class enables employees of any organization to identify many of the common risks associated with using conventional end-user technology, and to learn how to protect themselves and their organizations from security risks. It takes a half day or less of the employee’s time, and it can lead to a career-enhancing certification that increases the employee’s value to the organization. And ask about our CyberSAFE Readiness Test, which can help determine your particular users’ cybersecurity needs. You can access the test at no charge. Contact us at +1.800.889.8350.