Compromised: Business failing to roll out cybersecurity training
Around 50 percent of UK businesses have experienced a cyberattack over the last year, but despite this, 73 percent of UK employees say they have not received cybersecurity training in the last 12 months.
Using global search data from Ahrefs, the application security SaaS company Indusface has analysed the world's top five questions and concerns about cyber security in the workplace.
The questions were put to Venky Sundar, Founder and President of Indusface, with the answers supplied to Digital Journal.
“Why is cyber security training so important for business?”
According to Sundar: “With data breaches costing businesses an average of $4.45 million globally in the last year, it raises the question of just how critical it is for organisations to provide employees with comprehensive training on what constitutes sensitive data and how they can protect it, as well as what is at stake if they do not adhere to the policies.”
He adds: “And training doesn’t have to be monotonous, for example setting up phishing email simulators to engage the team and allow them to see the potential dangers in action. These simulations show how quickly and easily attacks can happen, helping employees develop practical, hands-on skills for spotting suspicious activity. Cybersecurity threats evolve constantly, so training should be regular, not a one-time event. Regular training and guidance will ensure that employees receive tailored guidance on securing their work equipment, home offices, use of VPNs, and recognizing the unique threats posed by both in-office and home working environments.”
“How is AI used in cyber security?”
Sundar explains: “The biggest problem with security software, especially website and API protection is the prevalence of false positives. False positives are when legitimate users are prevented from accessing an application. So notorious is this problem that 50%+ businesses worldwide have implemented WAAP/WAF solutions and left them on log mode. This means that attacks go through the WAF and they are at best used as log analysis tools after a breach.”
He adds: “Effectively using AI can help with eliminating or reducing false positives to a bare minimum and encourage more businesses to deploy WAFs in block mode. The other problem with security software is letting an attack go through. These are also called false negatives. Using AI on past user behaviour and attack logs can effectively prevent any attacks that don’t conform to typical user behaviour.”
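The "log mode" deployment described above is a configuration state that can be checked. As an added example (not code from Indusface or this article), the shell function below reads a ModSecurity-style configuration and reports whether the rule engine is set to `DetectionOnly` (log only, requests pass) or `On` (block mode); ModSecurity directive names are real, but the two sample configuration files are constructed here for illustration.

```shell
#!/bin/sh
# Constructed sample configs: the weak "log mode" setting and its corrected form.
make_sample_configs() {
  dir="${TMPDIR:-/tmp}"
  cat > "$dir/waf_logmode.conf" <<'EOF'
# Rules match and are written to the audit log, but no request is ever denied
SecRuleEngine DetectionOnly
SecAuditEngine RelevantOnly
EOF
  cat > "$dir/waf_blockmode.conf" <<'EOF'
# Rules match and the offending request is denied
SecRuleEngine On
SecAuditEngine RelevantOnly
EOF
  echo "$dir"
}

# Print the effective engine mode of a config file: block, log-only, off or unset.
# The last SecRuleEngine directive wins; per-vhost or per-location overrides
# would need to be checked separately (a simplification of this example).
waf_mode() {
  mode=$(grep -iE '^[[:space:]]*SecRuleEngine[[:space:]]+' "$1" \
         | tail -n 1 | awk '{print tolower($2)}')
  case "$mode" in
    on)            echo "block" ;;
    detectiononly) echo "log-only" ;;
    off)           echo "off" ;;
    *)             echo "unset" ;;
  esac
}

# Stand-alone run: audit both constructed files.
if [ "${WAF_MODE_DEMO:-1}" = "1" ]; then
  d=$(make_sample_configs)
  for f in "$d/waf_logmode.conf" "$d/waf_blockmode.conf"; do
    echo "$f: $(waf_mode "$f")"
  done
fi
```

A result other than `block` on a production host means the WAF is, as the quote puts it, only a post-breach log analysis tool.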
“How can you protect your home computer?”
By 2025, approximately 22 percent of workers will work remotely. But with such a significant increase in remote roles, how can employers ensure their employees’ home computer remains protected?
Sundar states: “Remote working means people are working in less secure environments and their devices are more exposed to data breaches both digitally and physically. Many remote workers are using the same device for professional and personal use, or even accessing company data on devices shared with other household members. Employers should ensure strong password management, including using automatic password generators that create extra secure passwords, and never duplicate these across accounts. Multi-factor authentication also provides a secure method of verifying your identity, making it harder for hackers to breach any accounts. Limiting what could be accessed on official devices is also important in thwarting attacks.”
Sundar comments further: “That said, installing endpoint security software like antivirus and keeping it updated should be able to protect most computers, unless you fall victim to an advanced phishing attack.”
“What percentage of breaches are human error responsible for?”
Sundar finds: “According to data by Indusface, 98 percent of all cyber attacks rely on human error or a form of social engineering. Social engineering breaches leverage human error, emotions and mistakes rather than exploiting technical vulnerabilities. Hackers often use psychological manipulation, which may involve coaxing employees to reveal sensitive information, download malicious software or unknowingly click on harmful links. Unlike traditional cyberattacks that rely on brute force, social engineering requires direct interaction between attacker and victim.”
The expert further indicates: “Given that human error can be a major weak link in cyber security, the best way to prevent these attacks is to put in place education and training on the types of attacks to expect and how to avoid them. That said, implementing a zero-trust architecture, where every request for a resource is vetted against an access policy, will be paramount to stopping attacks from spreading even when a human error results in a breach. Also, make sure that the applications are pen tested for business logic and privilege escalation vulnerabilities so that the damage is minimised. Basics such as standard best practices across the board, secure communications, knowing which emails to open, when to raise red flags and exercising extreme caution when accepting offers will go a long way in preventing human errors that lead to breaches.”
“What are the top 3 targeted industries for cyberattacks?”
To the final question, Sundar proposes: “According to EC University, manufacturing, professional / business and healthcare are the top 3 targeted industries. The manufacturing sector leads the world in cybercrime incidents according to Statista (2023). Attacks on the industry range from halting production lines to the theft of intellectual property and compromising the integrity of supply chains.”
Sundar concludes: “The professional, business, and consumer services sector has also become an attractive target for cybercriminals due to its heavy reliance on sensitive data. Confidential client information and business insights are often targeted, leading to significant financial losses and damage to brand reputation, and client relationships. A breach in the healthcare industry can have dire consequences, from compromising sensitive patient data to disrupting critical medical services. Given the high value of medical records on the black market, there is an urgent need for stronger cybersecurity measures to protect both patient privacy and the integrity of healthcare systems.”