
Human Behavior Is the Most Significant Risk

According to Verizon’s Data Breach Investigations Report (DBIR), human behavior is the most significant risk to your cybersecurity, accounting for 82% of data breaches. This underlines the importance of cybersecurity employee training and explains why the security awareness training market is expected to reach $10 billion annually by 2027. Here are some additional considerations to ensure your employee security training is frequent and relevant:

– The US set a new record for data breaches in 2021, while there was a 105% increase in global ransomware attacks.
– Many organizations face stretched IT teams and a global cybersecurity skills shortage.

Big Mistake

One of the biggest mistakes a company can make with cybersecurity employee training is to assume that providing any training means they and their employees are now secure. One survey found that respondents who reported receiving cybersecurity training did slightly worse in subsequent testing than those who did not. Further, 74% of respondents who answered all questions incorrectly reported feeling safe from cyber threats, whereas none who answered all questions correctly felt the same.

Raising Employee Awareness

Employee security training should focus on raising awareness of the need for good cyber hygiene for all employees, including contractors and partners. Employees should be aware of cyber threats businesses face and how something as simple as a click can have long-lasting consequences. Using recent examples can help employees understand how communication from LinkedIn, a virtual meeting platform, or the CEO may be an attempt to install malware.

Phishing – A Real Threat

Phishing is one of the most commonly used vectors for cyber attacks and accounts for almost two-thirds of all social engineering breaches, according to the DBIR. Phishing emails can be used to deploy malware, including ransomware. Simulations can be an essential tool in helping employees understand how phishing works. As with any training, the more realistic the simulations are, the more effective they will be for staff. Training should also cover how to report phishing attempts to your IT and internal security teams.

To ensure your cybersecurity employee training is done right, you can implement best practices such as making training enjoyable, benchmarking employee progress, and tailoring training to specific security risks.
