Favorable times to be a hacker: Why IT security awareness is more important now than ever
Now that businesses are opening back up and employees are going back to the office after working from home, life is slowly returning to normal. However, during the pandemic, many organizations failed to recognize a huge issue growing beneath the surface, one that we know of but that some choose to ignore: cyber-attacks.
As strong as the weakest link
A well-known saying among security experts is that a security mechanism is only as strong as its weakest link. This saying is often used when referring to end-users, who are typically employees or users of systems. The general idea is that even though you might have designed foolproof measures, if users do not comply with the way of working that is set up to achieve maximum security, that level of security will never be achieved. This is of course not desirable, since the protective measures haven’t been designed for nothing. That is why it is of the utmost importance to educate users on the potential dangers and risks. This is known as security awareness.
Increase of incidents
Recently we’ve seen more and more reports about cybersecurity incidents and (data) breaches. It turns out that there has been a significant increase in cyber incidents as of late. Although it is difficult to disclose hard numbers, estimates vary from a 70% to 100% increase in cybersecurity incidents compared to the same period in 2020. One must, however, take into consideration that many cyber incidents are not communicated to the public, so we might in fact be looking at an even greater increase than what is estimated.
Research shows that only one out of three businesses considers cybercrime a big risk. In other words, a whopping two out of three businesses do not even consider cyber risks to be a big threat. Taking this into consideration along with the increase in cyber incidents mentioned above, we can see that hackers enjoy very favorable times. And the data proves this. Both businesses and individuals have been subject to (spear)phishing campaigns, WhatsApp fraud and online trade fraud, and more technical attacks such as DDoS attacks have also been launched more frequently. According to an investigation conducted by ABN Amro, the costs of cyber attacks also increased. In 2019 the average damage cost of a cyberattack for an organization was estimated to be around €12.000. In 2020 this rose to a shocking €74.000.
How to prevent your organization from becoming a victim of cyber crime
You may wonder what you can do to prevent your organization from becoming a victim of cyber-crime. Unfortunately, there is no one-stop answer for that. Being safe and secure from malicious attackers requires a structural dedication of resources.
One thing that is very important is for the entire organization to acknowledge the importance of cyber security, starting from the absolute top – the C suite. If management doesn’t display an interest in protecting the organization, employees will not follow. Management can show its seriousness by freeing time and budget and allocating these to security matters.
Security awareness program
Furthermore, we strongly recommend setting up a security awareness program. Such a program can contribute significantly to employees’ understanding of cyber risks. An awareness program should not be limited to a single session, since it has been proven that only a continuous effort to raise awareness sticks with employees. If not done continuously, security awareness knowledge is often treated as volatile information, meaning that employees forget the contents after a while.
Security awareness helps employees to recognize an attack, such as phishing, and to act accordingly once they have identified it. Giving clear instructions on how to act and, not to forget, where to report incidents lays a solid foundation to stop cyber attacks in their tracks.
Want more information about IT security awareness?
Are you interested in setting up an awareness program or do you have more questions on how you can protect your organization from cyber attacks? Don’t wait until you have become a victim. Feel free to contact Crowe Peak’s IT Advisory department.