I can answer the question in the title in one word: Very.
But of course, anyone with any sense should ask – OK, go on prove it then. So, I will try to too.
Let me leave this here before I go on to give some evidence about the importance of security awareness training.
In the first half of 2019, there were 4.1 billion data records breached. In the same period in 2018, there were around 3.5 billion exposed records. By anyone’s standards, that’s a lot. Not all were cybercriminals hacking into databases. Many were accidental exposures, lost laptops, inadvertent emails sent out, and so on.
The state of cybersecurity today is a mess. What is often true in life is that the simplest of ideas can be the most effective, enter stage left, security awareness training.
Where security touches employees, deeply
Security, back in the olden days, say in 1995, was something that was pushed over to a geek in the server room. The geek (I say that as a fellow geek) would sit, warming hands over a hot server while contemplating when to do an update that would cause most annoyance to the employees.
When the network reached out into the wider internet, things changed. Cybercriminals upped the ante and cyber-attacks for the masses began. Employees became a target. By then, we were all connected up via email and websites. This was when we all became security woke; this was when the awareness penny dropped into place.
In a recent report by Proofpoint, they point out that 99% of cyber-attacks need human intervention. What does this mean?
- Phishing: A human has to click a malicious link or download a malwar-infected attachment for the attack to begin. This then leads to the loss of personal data or even the loss of login credentials that expose a whole database of data.
- Accidental exposure: A human has to accidentally leave a laptop on a train or send an email with personal details to the wrong person.
- Security negligence: Sharing passwords is more common than you might think. Around 19% of company passwords are easily compromised because they are either shared or weak. Reuse of passwords is another area of concern. A study showed that 52% of people reuse their passwords for multiple services.
- Misconfiguration: In 2018, 70 million of the exposed records were due to system admins not setting up cloud databases and servers correctly. Often, this is down to just not thinking with a security hat on.
Putting the security hat on with security awareness training
To counterbalance all of the human touchpoints of the cybersecurity horror show, we have to turn to education. When I was a kid, I was taught how to cross the road without being killed. There were some excellent adverts on the telly at the time with a cute little fella called “Tufty”. Those short little TV videos worked wonders. My 7-year old self remembered the words of Tufty when I went to cross the road and I’m here to tell the tale.
Security awareness training is similar to the training we got as kids to stay secure when crossing the road or talking to strangers and so on. It is an adult version of the security training we got as kids.
Security awareness training works by addressing a number of areas that cause security vulnerabilities. This includes phishing, security hygiene, etc. The training teaches everyone across the organization about the danger zones and gives them a security hat they can wear in everything they do.
Effective security awareness training works with your employees to engage them in interactive sessions. It makes security awareness fun and in doing so makes it memorable.
– Engage your staff with scenario-based security awareness training or “In-the-Moment” training.
A recent report into security awareness amongst employees found that 75% of the organisations had a serious problem in understanding what was the best practice when it came to correct behaviours in cybersecurity and data privacy.
We said earlier that 99% of cyber-attacks require a human being to start the process that will result in a data breach. Compound this number with 75% of organisations not knowing how to prevent this, and you have yourself the perfect environment for cybercriminals to operate in.
This, in a nutshell, is why education in the form of security awareness training is vital. Your people are your best chance to protect your company. Make the most of our natural instinct to stop being made a fool of. No one wants to be the person who pressed the big red button and let the cybercriminal in. Using an effective security awareness training package empowers employees to make the right security decisions. The old adage “knowledge is power” is never truer in the current security climate we find ourselves in.
Interested in learning more about how security awareness training can help your organisation? Sign up for a free demo of the world’s most interactive security awareness training.
– Watch our free taster sketch “Phishing Emails in Real life” from our hilarious Sketches security awareness training series