The Positive Impact & Cumulative Power of Annual Cybersecurity Training
By Kyle Gililland | Vice President, Trace3 Security Solutions
Online threats are a reality for any size business, corporate entity, or nonprofit organization. Even the strongest security defenses and authentication programs require a second level of support—ensuring decisions are made correctly in the moment by the people who use them.
Now is the time to evaluate your readiness to defend against one of a hacker’s most common attack vectors—your employees.
The digital threat landscape today is extensive and constantly evolving. Despite the volume and growing complexity of cyberattacks, one thing remains the same: most of those attacks target your users first. In fact, more than 90 percent of successful data breaches start with a spear-phishing attack. Unlike generalized phishing attempts, spear-phishing attacks are focused campaigns against a specific target within the company, attempting to trick the individual into taking some action at the request of the attacker such as clicking a link, providing a password, or even initiating a payment. While this attack seems simple, the ramifications are both wide-ranging and incredibly costly. In the United States, the average cost of a single data breach was estimated at $9.44 million in 2022.
Digital Data and You
The increased cyber risk has not slowed society’s march toward a fully digital world. The volume of data created, copied, and consumed is estimated to reach 181 zettabytes in 2025, up from just 2 zettabytes in 2010. To see this, you only need to look at your daily routine: every day you increasingly perform basic tasks electronically, from checking your bank balance to paying your gardener. At work, you share client data over email, you manage projects through online filing systems, and you track sales through cloud-based CRM systems.
Rather than being stored in a paper filing cabinet in an office somewhere, most of that personal and highly valuable information is stored digitally. Depending on the service provider, that digital data may be housed in a private, hybrid, or public cloud environment.
The Rise of Cybercrime
There is no question that many cybercriminals are motivated, highly sophisticated, and agile in their methods. At the same time, we’ve seen the tools used by those same cybercriminals trickle down to less sophisticated threat actors through what is called Ransomware-as-a-Service. The emergence of easy-to-use tools has lowered the barrier of entry into the criminal hacker profession. At the same time, the more complex criminals have become more organized, some operating just like our own companies.
The rise of cybercrime is hitting both small and large companies. In 2022, Uber was hit with a large-scale cyberattack. This time, the attacker was able to use harvested credentials to authenticate to Uber’s VPN while also tricking the targeted user into authorizing the login request via the multifactor authentication (MFA) platform. Once inside the network, the attacker gained access to not only privileged application systems, but also large stores of employee and consumer data.
With successes like this repeated over and over, we are unlikely to see any slowing of ransomware attacks or the attackers’ attempts to trick our users into opening the doors for them.
Human Error
Given the threat landscape, it is hard to imagine a bigger risk to our businesses than an employee who is unaware or unsuspecting. Of course, an organization must arm itself with a layered approach to cybersecurity, complete with security applications, policies, and procedures to mitigate online data risks. Employees are often the most challenging piece within the security chain, but also our best chance to identify attacks early in their lifecycle. The social engineering developed to deceive people into granting attackers access to organizational data or performing financial transfers to fraudulent destinations will continue to be target No. 1 for attackers.
The Importance of Cybersecurity Training
Several applications and programs are available to help you and your organization understand the current threat landscape. At Trace3, we trust KnowBe4 as our preferred Security Awareness Training partner. Our employees complete annual training via videos and quizzes that help to raise awareness, provide examples, offer insight, and share best practices for working in a digital world. Additionally, the platform allows our users to provide daily feedback on any questionable or suspicious emails, communication requests, or interactions that could be related to fraud attempts. We further help get the message across by using KnowBe4 to send our own phishing emails, testing our awareness program’s success through real-world attempts to trick the users, just like attackers would. This allows us to provide targeted training where it is needed most.
A strong cybersecurity training program will lead to five important outcomes:
1. Drive/Raise Awareness – When employees are aware of the evolving threat landscape, they are better equipped to notice and identify digital threats and report them to your IT and Security teams.
2. Reduce Threats – With greater awareness comes a reduced risk that something like a phishing or vishing attack will be identified and ignored.
3. Prevent Downtime – There is always a span of time where operations pause or slow due to a data breach. If you can stop the breach from happening, operations are left to run as normal with continuous uptime.
4. Ensure Compliance – There are rules and regulations to follow in the digital world, and compliance is a major factor. With proper cybersecurity understanding, you can reduce the likelihood of compliance-impacting issues.
5. Improve Customer and Employee Confidence – People live in the physical world, but they are also very alive in the digital world. Proper cybersecurity training allows employees to understand their responsibility to the organization, coworkers, clients, and customers as well as how their personal lives can affect their professional lives.
What can you do? Organize cybersecurity training for your users — it’s always a great time to train and retrain your workforce in cybersecurity best practices. To learn more about cybersecurity and the power of cybersecurity training for your organization, contact security@trace3.com.
In addition to decades of practical experience, Kyle holds several relevant security and privacy certifications and routinely advises clients from across the United States in the areas of cybersecurity, privacy, and overall risk management.