The Human Firewall: Why Employees Play a Critical Role in Cyber Risk Management
Written by: Black Kite
Nearly every employee at your organization has access to secure company data, making them the first line of defense your company has against a cyber attack. Many hackers are now targeting vulnerable employees with insecure devices instead of focusing on a single company.
You can’t defend yourself against what you don’t understand. HIPAA, PCI-DSS, and NIST 800-53 mandate employee security training because cyber risk management is a critical issue. If you haven’t already, develop a cybersecurity awareness program that keeps up with the evolution of the digital threat landscape.
Human error accounts for 90% of cyber breaches
Ninety percent of cyber breaches derive from human error, yet only one in nine companies provides cybersecurity training. You may think state-of-the-art security software alone will protect you, but even the most advanced technology will fall short if employees are not trained to identify suspicious online activity.
Your company’s human firewall is just as important as its digital one. In fact, phishing attacks make up one-third of today’s data breaches, according to the Verizon Data Breach Investigations Report. Although most employees are aware of phishing email scams, 50% of employees who received suspicious links still clicked on them.
There are a number of programs now available to organizations of all sizes. Many basic training courses are free or low-cost; however, more robust training is worth the investment. With the average cost of a data breach exceeding $4 million in 2021, it pays to educate.
Cybercriminals are constantly evolving their playbook
Sixty percent of cybersecurity professionals agree that their staff is the weakest link in IT security. Many employees are already aware of the danger cyber threats pose, but don’t know how to identify them. Implementing security training for all employees both instills confidence and lowers the risk of attack by 70%.
Training should take place at least once a year. Topics that advance employee education include how to identify threats such as phishing, the importance of password security, and how to report security threats efficiently. Hackers create 450,000 new malicious programs each day to override existing safety measures.
Hackers also took advantage of the sudden onset of the pandemic: phishing domains offering COVID-19 drug information spiked 800% in March 2020 alone. Many of these messages are personalized to look like internal email. Cybersecurity training programs analyze such trends quickly and update lesson plans accordingly to maintain a consistent level of security across the board.
Remote work now plays an important role in supply chain security
Supply chain attacks increased by 78% in 2020, partly because remote work provides an ideal landscape for phishing attacks. Companies are becoming more aware of third-party cyber risk, and they want to see their third parties implementing preventative measures to protect shared information.
Cyber risk rating platforms like Black Kite identify vulnerabilities in email security and make it easy to report findings.
NIST recommends a “one strike and you’re out” policy for managing digital supply chains. A single individual, whether internal or belonging to a third party, has the potential to cause catastrophic damage to a supply chain within minutes.
Black Kite’s strategy report can inform third parties within your supply chain of poor cyber posture so that everyone takes a uniform approach to mitigating risk.
Maintain your brand reputation and vendor relationships
Forty-six percent of consumers and vendors blame an organization for the occurrence of a data breach. A data breach has the potential to weigh heavily on a company’s reputation. In extreme cases, this can even lead to the company’s extinction, as over half of small companies go out of business within 6 months of a data breach.
Vendors and clients are now asking for proof of a secure cyber ecosystem, and such requests can often be found on the compliance questionnaires used to manage partnerships and business transactions. Cyber ratings and compliance questionnaires are projected to become just as important as credit scores for conducting business.
Creating a training plan that spans the entirety of your organization allows employees to understand IT security procedures and better protect the company’s security at large. Implementing security training instills an employee culture of shared responsibility, confidence, and safety. There’s strength in numbers, and it’s time to get everyone on board with your cyber defense plan.