Cybercriminals thrive on chaos, and this last year has delivered chaos in spades. There was COVID-19 and the resulting lockdowns. There was a contentious political environment. There was an economy struggling hard from the global pandemic. Even the Gulf Coast weather was chaotic, with a crazy hurricane season followed up a few months later by a record-breaking ice storm. This past year was like Christmas to those who are looking to exploit the cybersecurity vulnerabilities that accompany an environment of chaos.
- Phishing email subject lines are getting sneakier – “Urgent Invoice” and “Important: Please Read” being 2 common ones
- Three-quarters of organizations experienced a phishing attack last year
- 96% of attacks arrived via email
- The average 2020 data breach cost $3.92 million
Cybercriminals Are Evolving - So Should Cybersecurity
Cybercriminals, also known as bad actors, aren’t necessarily the sophisticated cybersavvy masterminds of Hollywood lore. Verizon’s 2020 Data Breach Investigations Report states that 55% of breaches can be tied back to organized crime, and 30% are internal perpetrators.
Cybercrime isn’t going away. It’s mind-bogglingly lucrative – to the tune of a forecasted globally this year. These bad actors know that one of an organization’s biggest vulnerabilities is its employees, and they are skilled at finding clever and hard-to-detect ways to manipulate them. Especially when you consider that the average employee receives per day. It sure doesn’t take much for Jeremy, your well-intentioned albeit email-weary employee, to inadvertently launch a phishing attack. For bad actors, phishing is a numbers game, and they are relying on the Jeremys of the world to unintentionally play along.
Your Information Security Foundation
“There’s a physical foundation to information security,” AGJ Systems & Networks security team member Shane Miller states. “Is your software up to date? Do you have a firewall? Is your building secure? What does your network security look like? Is your WiFi secure? All those are pillars of security.”
Before that phishing email even hits your employees’ inboxes, businesses, municipalities and organizations need to address these broader physical information-security requirements.
User Awareness Training
Remember Jeremy? Quickly scrolling through his 121 daily emails, at serious risk of mindlessly clicking on a catastrophic link? The good news is that Jeremy can be educated in the ways of phishing detection.
Cybercrime can still be an abstract concept to those who don’t deal with its potential implications as part of their day-to-day role. That’s why company-wide user awareness training is so critical.
When asked what is the number-one thing that organizations should be focusing on from a cybersecurity perspective, AGJ security team member Travis Roberts doesn’t hesitate to respond:
“User training, that’s where it starts. A lot of compromises begin based on user actions. Not only simulation training, but ongoing training, education pieces – anywhere from phishing campaigns to general end-user-security awareness. Good general practices can make security go a long way.”
What does effective user-awareness training look like? Elements include:
- Regular mandatory employee training
- Scheduled awareness surveys
- Unscheduled awareness assessments to measure compliance with user-awareness training
- Feedback surveys designed to improve ongoing training programs
Buy-in from Leadership
A commitment to cybersecurity needs to be followed by all members of the organization, including those at the very top. If Jeremy is expected to toe the line, he needs to see that management is doing so as well. Despite so many high-profile and devastating cybercrimes having been reported in the media, many leaders still have blinders on when it comes to the importance of proper cyber protection.
“I see customers with passwords that are 6 letters long, because that’s what they’ve always done and it’s easy,” AGJ security team member Randall Ladner shares. “Moving to an environment where they have multifactor authentication, they have 10-character passwords – this is not easy to push on people that have had a certain mindset for such a long time, but it’s absolutely the best thing for an organization to do – implement these difficult things, before you have to pay for it.”
So, how do you get this buy-in? By reminding leadership of the financial risk that is at stake with noncompliance. That $3.92 million average data-breach-cost price tag tends to resonate with those in charge.
Pulling It All Together with a Pretty Cybersecurity Cyberbow
With the in place, chaos in the world doesn’t need to translate to chaos within your organization. AGJ covers the gamut of IT solutions, from those critical infrastructure foundational pieces to employee training to information-security-policy development. As the go-to IT management provider for the Gulf Coast area, AGJ’s team of veteran engineers knows everything there is to know about network security solutions and implementing the latest technologies. Leaving your organization free from chaos, and free to focus on growth. Book your today.