Your Employee's Cyber Awareness Is Critical

Uploaded on 2021-04-05 in TECHNOLOGY--Resilience, JOBS-Training, FREE TO VIEW

As part of the Coronavirus lockdown, non-essential businesses were forced to close their physical premises and move to ways of remote working to continue functioning and because of the less cyber secure home-working in 2020, organisations saw an increase in both ransomware and phishing attacks. On top of all the current cyber security issues with the virus, phishing scams have significantly increased.

Cyber criminals wasted no time in exploiting this opportunity, casting thousands of COVID-related lures onto perhaps more vulnerable than usual users.

According to thier 2021 State of the Phish Report  from Proofpoint, the majority (92%) of UK organisations required or  requested that most employees work from home due to the pandemic, which presented its fair share of teething problems, some of which organisations are still experiencing to this day. Organisational preparedness for remote working is not great and employees were not well-equipped to work remotely. In response, many organisations increased security awareness training and many organisations offered training on how to stay safe while working remotely.

While implementation of additional training is certainly good news, it should not take a global health crisis for organisations to prioritize security awareness.

To be effective, cybersecurity training must take place regularly, continually adapting to address the threats of the moment. It must be a central part of an organization’s security program, all year round. In the first half of 2020 cyber criminals took advantage of the heightened interest surrounding the pandemic, resulting in a flood to phishing email  unlike anything Proofpoint researchers research team has ever seen. While the tactics changed throughout the year, the target remained the same. Some offered cures, others promised speedy tests and priority access to vaccines. Many encouraged victims to hand over valuable credentials.

An appetite for the latest COVID-19 developments was just one factor fueling the phishing fire. Cyber criminals also struck at a time of significant disruption and distraction. 

Many organisations, recognising the elevated risk, conducted COVID-specific security awareness training. Results were good in test conditions too. Average failure rates for the most frequently used COVID-related lures ranged from less than 1% to around 20%. However, awareness is not quite enough. Security best practice behavior only really changes when employees are embedded in the program. For example, an employee receiving a notification to confirm that the potential phishing email they reported was in fact malicious, helps to drive and incentivise a security-first culture, however, this level of training is rare.

Only 64% of organisations conduct formal training sessions, either virtually or in person. For almost two-thirds, training of any sort takes place no more than four times a year. And 36% only train users in certain roles or departments.

Failure to equip employees with the knowledge to detect and deter such attacks is negligent and the response to COVID-related phishing attacks has shown that relevant, targeted, and in-context security awareness training works. Rather than reverting to type once the pandemic subsides, organisations must use this experience to implement long-term training programs that actively seek to change risky behaviors. Programs that focus on the individual and adapt to current, real-world threats.

This is only possible by placing users at the heart of your defence. They are often the only thing standing between the success and failure of an attack. The level of training they receive needs to reflect these high stakes.

Security awareness training must go beyond jargon, definitions of common threats, and multiple-choice tests. It must leave users in no doubt about their responsibilities and the consequences of failing to uphold them. When you deliver this comprehensive, people-centric training regularly, you create a security culture. A culture in which your people understand how simple behaviors can put your organisation at risk. In which all users know how to prevent, detect and deter cyber-attacks and in which best practice becomes standard practice.

The executive business decision-makers are important stakeholders in your organisation, but for security awareness training, users are the most important stakeholders. 

User engagement is critical if you want to make security a core part of your organisation’s culture, making sure that your workforce is aware of the basic cyber security behaviors is also critically important in this new environment. Organisations must have a culture of data security and data privacy and employees need to understand that they are the caretakers of their own organisation’s valuable and often sensitive data, much of which also consists of customer information.

Business need cyber security training and we at Cyber Security Intelligence recommend GoCyber training for all employees and management – it is excellent – please contact us for a free trial.

Proofpoint:   NCSC:   Infosecurity Magazine:   NCSC:       Infosecurity Magazine:     Action Fraud:    Image: Unsplash

You Might Also Read: 

How Has A Year Of Pandemic Changed Cyber Security?:

 

« The European Union Adopts A Cyber Security Strategy
The Satanic Mills of the Fourth Industrial Revolution »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Opengear

Opengear

Opengear ensures network resilience to enterprises by enabling business continuity with the Network Resilience Platform.

Trust Guard

Trust Guard

Trust Guard services provide complete security for your website.

NOW Insurance

NOW Insurance

NOW Insurance provides small business owners and other professional classes with a seamless purchasing experience for general liability, professional liability, and cybersecurity insurance coverage.

Quside

Quside

Quside, a spin-off from The Institute of Photonic Sciences in Barcelona, designs and manufactures innovative quantum technologies for a wide range of applications including cyber security.

Lattice Semiconductor

Lattice Semiconductor

Lattice Semiconductor solves customer problems across the network, from the Edge to the Cloud, in the growing communications, computing, industrial, automotive and consumer markets.

Novacoast

Novacoast

Novacoast helps organizations find, create & implement solutions for a powerful security posture through advisory, engineering, development & managed services.

Guardey

Guardey

Guardey protects thousands of SME's environments. Whether your team works at the office, at home, at the customer or remotely. We protect your business. We do this in an accessible and affordable way.

Upstack

Upstack

UPSTACK - One partner, end-to-end expertise, helping develop the solutions you need – when you need them.

Prophaze Technologies

Prophaze Technologies

Prophaze enable organizations and SaaS providers to improve their web application cybersecurity and reduce costs through AI automation.

Entro Security

Entro Security

Entro is the first holistic secrets security platform that detects, safeguards, and enriches with context your secrets across code, vaults, chats, and platforms.

Covenant Technologies

Covenant Technologies

Make Covenant Technologies the only choice for your IT and cybersecurity recruitment needs. We deliver quality candidates at the forefront of the cybersecurity and IT industry.

Zyber 365 Group

Zyber 365 Group

Zyber 365 are providing a robust, decentralized, and cyber-secured operating system which adheres to the fundamental principles of environmental sustainability.

Technoware Solutions

Technoware Solutions

Technoware Solutions is a global company committed to helping entities navigate the digital waters of modernizing their system processes in an ever changing cybersecurity landscape.

Seal Security

Seal Security

Seal Security revolutionizes software supply chain security operations, empowering organizations to automate and scale their open source vulnerability remediation and patch management.

DATS Project

DATS Project

DATS Project enables the utilization of high computing power across a number of cybersecurity services, all on a pay-as-you-go basis, eliminating the need for upfront investment costs.

CrashPlan

CrashPlan

CrashPlan provides peace of mind through secure, scalable, and straightforward endpoint data backup.