Intelligent CIO Europe Issue 36 | Page 56

FEATURE: CYBERSECURITY
insiders'. According to this same study, security teams view falling victim to phishing attacks (38%) as the top cause of accidental insider threats, followed by spear phishing (21%), poor passwords (16%) and browsing of suspicious websites (7%). In other words, opening the door for cybercriminals can be as simple as clicking a link or downloading a file without taking the time to determine whether it is legitimate.
Careless and negligent behaviour can have a lasting effect on an organisation, especially when it results in a data breach. And with more employees working from home, unable to walk over to a co-worker's desk to ask for a second opinion on a suspicious-looking email, these individuals are more susceptible to social engineering attacks. With this in mind, it is more important than ever that CISOs prioritise their employees' cybersecurity awareness, helping them understand the role they play in keeping networks secure and reducing the insider threat risk.
Creating a human firewall through a culture of security
Since employees can be the best line of defence, it is crucial that CISOs protect their organisations by including employee education and awareness in their cybersecurity strategy. By embracing this approach, leaders can ensure the workforce is prepared to face the various threats.
Regardless of job titles or roles , all employees should understand the repercussions of a security event and how it could affect the organisation and them personally .
The importance of this enterprise-wide strategic approach was highlighted in a 2019 Forbes Insights survey of over 200 CISOs. When asked which security initiatives they planned to prioritise for funding over the next five years, 16% of respondents named the creation of a culture of security.
While this is a step in the right direction, establishing a baseline of good cyber hygiene must begin with CISOs helping their employees take cybersecurity seriously. This can be achieved in the following ways:
1. Prioritise cyber-awareness training
Social engineering attacks are extremely prevalent across organisations simply because they work. In fact, Verizon's 2019 Data Breach Investigations Report (DBIR) found that approximately one-third of all data breaches involved phishing in one way or another.
To combat this risk, CISOs must educate their employees about common attacks that could appear in the form of phishing, spear phishing, smishing or tech support scams. Whether these lessons are delivered through online meeting spaces, video chat or email, they should be prioritised. Understanding these threats and their associated red flags is critical in helping employees avoid falling victim to fake emails or malicious websites. In addition to teaching the common indicators of cyber-scams (e.g., the promotion of 'free' deals), these training programmes should also feature simulated phishing exercises designed to test knowledge and identify which employees might need more assistance.
Through tactics such as these, employees will be better equipped to recognise when they are the target of a social engineering attack and can, therefore, act accordingly. Fortinet's NSE Training Institute offers a free Information Security Awareness training service to educate
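The red flags that awareness training teaches people to spot by eye (a sender outside the company domain, a Reply-To that differs from From, link text that does not match where the link actually goes, links to bare IP addresses, urgency and 'free offer' wording) can also be checked mechanically, and doing so is a useful way to build or grade a simulated phishing exercise. The following is an added example written for this page, not code from the article or from Fortinet; the two messages, the trusted domain `example.com` and the word list are all constructed assumptions.

```python
"""Mechanical check for common phishing red flags (added illustration)."""
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the organisation's own mail domain(s).
TRUSTED_DOMAINS = {"example.com"}

# Assumption: a small list of urgency / 'free offer' phrases used in training.
URGENCY_WORDS = re.compile(
    r"\b(urgent|immediately|expires? today|free (gift|deal|offer))\b", re.IGNORECASE
)
IP_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Constructed sample messages (not real mail).
SAMPLE_PHISH = """From: "IT Helpdesk" <helpdesk@example-corp-support.com>
Reply-To: reset@mail-recovery.net
To: alice@example.com
Subject: URGENT: Your password expires today
Content-Type: text/html

<p>Your password expires in 2 hours. Reset it at
<a href="http://198.51.100.7/reset">https://sso.example.com/reset</a> now.</p>
<p>Claim your free gift card after login!</p>
"""

SAMPLE_LEGIT = """From: "Bob Smith" <bob@example.com>
To: alice@example.com
Subject: Lunch tomorrow?
Content-Type: text/plain

Are you free for lunch tomorrow at noon? Bob
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(addr):
    """Domain part of an RFC 5322 address header value, lower-cased."""
    return parseaddr(str(addr))[1].rpartition("@")[2].lower()


def red_flags(raw_message):
    """Return the list of red flags found in a raw RFC 5322 message string."""
    msg = message_from_string(raw_message, policy=default)
    flags = []

    from_domain = _domain(msg.get("From", ""))
    if from_domain and from_domain not in TRUSTED_DOMAINS:
        flags.append("external sender domain")

    reply_to = msg.get("Reply-To")
    if reply_to and _domain(reply_to) != from_domain:
        flags.append("Reply-To differs from From")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    if body is not None and body.get_content_type() == "text/html":
        collector = _LinkCollector()
        collector.feed(text)
        for href, visible in collector.links:
            href_host = urlparse(href).hostname or ""
            if IP_HOST.match(href_host):
                flags.append("link to raw IP address")
            # Visible text that looks like a URL must point at the same host.
            if visible.startswith(("http://", "https://")):
                shown_host = urlparse(visible).hostname or ""
                if shown_host != href_host:
                    flags.append("link text does not match link target")

    if URGENCY_WORDS.search(str(msg.get("Subject", "")) + " " + text):
        flags.append("urgency or free-offer wording")
    return flags


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, red_flags(sample))
```

Run stand-alone, the script reports five flags for the constructed phishing message and none for the ordinary one. None of these checks is proof on its own (a legitimate vendor also mails from an external domain), which is exactly why training pairs the indicators with the habit of pausing to verify before clicking.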