Cybersecurity Training: Raising Awareness And Securing Your Business

5 years ago Tripwire Guest Authors

Organizations are increasingly faced with threats from sophisticated criminal organizations and nation-state actors.  To mitigate the risks posed by cyber criminals, organizations must secure and protect their proprietary and sensitive information. They must also commit to training their employees to do their part to protect proprietary and sensitive information. Cybersecurity awareness and training programs educate employees about cybersecurity threats, risks and best practices as well as how to navigate the ever-changing and evolving threat landscape.

The importance of raising cyber awareness

Cybersecurity consists of people, policy and technology. Consideration of people and human behavior is the most important of the three due to the risks associated with human habits, negligence and carelessness. The threat landscape is constantly changing, and attackers exploit instances of human error or negligence along with system vulnerabilities. As a result, organizations must take care to provide awareness and training that keeps pace with the evolving landscape and focuses heavily on the human factor.

Due to the COVID-19 pandemic and the shift to working remotely for many employees, organizations understand now more than ever that cybersecurity needs to be part of the organization’s culture—whether employees are working from home or in the office at the company’s headquarters. As organizations in the United States (U.S.) and abroad work to meet the challenges of cybersecurity, many C-Suite executives acknowledge the importance of employee training programs and the need for security policies and controls. C-Suite discussions about cybersecurity awareness and training programs involve consideration of the human factor, insider threats and cybersecurity behavior. The analysis typically includes questions and comments about the effectiveness of cybersecurity training and awareness programs.

The status of cybersecurity training

Recently, TalentLMS conducted a survey of 1,200 U.S. employees to gauge their awareness and knowledge of cybersecurity risks. TalentLMS also quizzed employees on fundamental cybersecurity principles. The quiz questions ranged from password strength to suspicious emails. Less than 1% of respondents answered every question correctly.

The most interesting survey responses were that:

  1. 69% of the respondents actually received cybersecurity training from their current employers, but less than 1% of all respondents answered all quiz questions correctly.
  2. 77% of employees reported that their company had an established cybersecurity policy, but 19% were unfamiliar with the policy.
  3. 26% of employees shared that they stored their passwords on a piece of paper.

Cybersecurity Training

The survey results indicate that only 69% of the respondents actually received cybersecurity training from their current employers. Given recent world events and cyberattacks involving just about every sector, every organization that has employees who use information technology should require their employees to participate in annual cybersecurity awareness and training. Failure to provide cybersecurity training for employees increases the risk of breaches associated with human error. 

Further, cybersecurity awareness and training are only part of the equation for success. Organizational leadership must also focus their efforts and resources on creating a culture of cybersecurity through employing the right people with the right attitudes towards cybersecurity, training and testing employees regularly as well as offering rewards and recognition to reinforce behavior that is consistent with good cyber hygiene.

Cybersecurity Policy

Organizations must establish cybersecurity policies and, most importantly, the policies must be clearly communicated to all employees and be available in multiple formats (e.g., company intranet, employee handbook, weekly information security tips). In the TalentLMS survey, 77% of employees reported that their company had an established cybersecurity policy, which is a pretty high percentage, but the thought of 23% of respondents working for organizations that did not have a policy is unsettling. Even more risky is that some respondents reported that they were unfamiliar with their company’s cybersecurity policy. Every organization that has employees who use IT should require acknowledgment of and agreement to follow all cybersecurity policies.

Password Storage

Protecting proprietary and sensitive information is critical to an organization’s success. One way to protect proprietary and sensitive information such as customer data, employee data, etc. is to maintain strong and secure passwords to prevent unauthorized access to devices. The survey results show that some of the respondents stored their passwords in a manner that could expose their employer to unnecessary risk of a data breach (e.g., in their browser and in plain text). Specifically, 26% of respondents indicated that they stored their passwords on a piece of paper. Employee negligence, such as leaving passwords or sensitive information unattended on a desk, increases the risk of a data breach.

The survey results and responses to the quiz questions make it clear that while many of the respondents received cybersecurity awareness training, a demonstration of habits consistent with good cyber hygiene and application of cybersecurity knowledge is lacking. This lack of discipline and application of knowledge has far-reaching consequences.

“Apart from the conclusion that companies do their cybersecurity training the wrong way, I find it very surprising and worrying that the highest fail rates on our quiz – by a sweeping majority – were reported in tech-related industries,” commented Victor Kritakis, CISO at TalentLMS.

“Also, we saw an unexpectedly high fail rate in the finance industry, where security is very critical. At the same time, we found that employees in healthcare had the best scores. And a possible justification for this is that good control mechanisms, strict legal frameworks and regular audits, as is the case for the healthcare industry in the United States, lead to better informed employees,” added Kritakis.

U.S. Implications

The findings of the survey have far-reaching implications for organizations that are unable to manage their employees’ behavior as it relates to cybersecurity practices. Failure to manage the employee behavior will increase an organization’s risk for cyber attacks. 

Cyber attacks may compromise customer privacy, business operations, intellectual property or employee privacy. Of course, the effects of a cyber attack include both reputational damage and, if applicable, costs associated with a data breach. To mitigate the risks associated with the human factor, and as government and industry continue to work to develop their cybersecurity programs, awareness and training programs will need to include opportunities for trainees to apply knowledge of cybersecurity: what to do, what not to do and best practices.

Global Implications

Humans are our strongest ally when it comes to securing proprietary and sensitive information. Consider that a properly trained employee working for a global company that has created a culture of cybersecurity certainly understands that their cybersecurity practices may have an effect on their co-worker in another country. Conversely, if an employee works for a global company headquartered in the United States, their negligence or carelessness in Texas can impact their entire company, including their colleagues in Singapore, if they lack effective cybersecurity awareness and training as well as a willingness to apply the knowledge learned.

Another global implication relates to the global supply chain. In the wake of recent cyberattacks, cybersecurity professionals agree that supply chain security is a must-have. Thanks to advances in technology, we are globally connected both personally and professionally. With the interconnections between sectors (public and private) and the scale of supply chain risks faced by government and industry, managing risks to the information and communications technology (ICT) supply chains requires organizations to strengthen their security posture.

Training and audits enhance cybersecurity posture

One way to strengthen the security posture of an organization is to effectively train the workforce to mitigate risks associated with human error and recognize and respond to threats. We must all work together to enhance the security of the ICT supply chain. 

“Training your employees on cybersecurity should be taken very seriously,” stressed Kritakis. “It shouldn’t be theoretical and boring for your staff but hands-on and offer real-life examples. Also, cybersecurity training should be part of the onboarding process but should be also repeated regularly. The training material should be updated because threats change and become more and more sophisticated.”

Another useful tool is the frequent conduct of audits.

“It is equally important for companies to conduct internal security audits. We’ve seen that these audits help identify compliance gaps and which departments or individuals are more vulnerable to attacks due to lack of cybersecurity awareness. They also help adjust training and policies and see what cybersecurity areas you should focus on – passwords, phishing, etc. Finally, having established security policies helps with employees’ awareness. My advice for companies would be to follow and comply with a standard security framework such as ISO 27001 or, for Europe, GDPR,” added Kritakis.

Conclusion

Cybersecurity awareness and training programs are necessary and should be required as part of a holistic approach to establishing and maintaining a cybersecurity program. Surveys and assessments have demonstrated that cybersecurity training and awareness alone will not improve an organization’s security posture because they are not enough to change or manage employees’ behavior. Changing employee behavior requires a culture of cybersecurity that’s developed by strong cybersecurity leadership and reinforced through controls, policy and ongoing awareness and training. 


About the Author: Ambler is an attorney with a background in corporate governance, regulatory compliance and data privacy.  She currently consults on governance, risk and compliance, enterprise data management as well as data privacy and security matters in Washington, DC.  

LinkedIn: https://www.linkedin.com/in/amblertjackson/

Twitter: @amblerjackson

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

The post “Cybersecurity Training: Raising Awareness And Securing Your Business” appeared first on TripWire

Source:TripWire – Tripwire Guest Authors
