According to the World Economic Forum’s The Global Risks Report 2022, 95 per cent of cyber security issues can be traced to human error. Now, with cyber criminals focusing their attention on the human element, such as through sending phishing emails, it’s more important than ever to raise staff awareness of potential attacks. That’s why cyber security training for staff is just as important as any threat prevention software, why it should be prioritised for new recruits and how consistency is key.
Cyber crime has advanced significantly in recent times, with cyber criminals becoming more organised and executing sophisticated attacks. They now conduct thorough research on businesses, identifying vulnerabilities and studying their operational processes. Since the pandemic-induced changes in work habits, the staff of a company has become the primary target of these criminals.
As a result, phishing emails have emerged as a significant channel for cyber attacks. This type of attack involves fraudsters sending false emails, messages or websites that look genuine, with the goal of tricking the receiver into sharing sensitive information such as financial or login details. According to a report by APWG, December 2021 experienced a record number of phishing attacks, with over 300,000 instances.
Small and medium-sized businesses are particularly vulnerable to these attacks. Barracuda reports that a small enterprise would receive approximately 350 per cent more social engineering attacks per employee than a larger organisation.
Software can’t substitute training
Cyber security training is just as important as any software like antivirus or an extended detection and response (XDR) system. Technology alone is not sufficient to protect against risks, and both training and technology should go hand in hand.
Imagine your IT infrastructure as a house. It’s important to install locks on the windows and doors and to have an alarm system. But if the person who has the keys doesn’t lock the doors and doesn’t know how to set the alarm, the house is still at a high risk of being broken into. The user needs to be trained for it to be effective.
Prioritise training for recruits
The term ‘job hopping’ is being increasingly used as the newer generations, such as Gen Z and millennials, have a higher tendency to switch jobs more often. According to an IBM study, one in five workers voluntarily switched jobs in 2020.
This is an issue from a cyber security standpoint, because so many businesses still don’t include cyber training in their onboarding process. The number of workers starting jobs having had no or very little training in this area greatly increases the risk to businesses.
Consistency is key
Almost all of us will have had the experience of studying to pass an exam, only to forget everything about the subject just a few months later. It’s crucial that the same doesn’t happen with cyber security training. Because cyber threats are ever present and evolving, there must be ongoing training to reduce the risk of a breach.
According to a 2022 report from security awareness training provider KnowBe4, based on its 9.5 million users, initial base-line testing revealed that an average 32.4 percent of users are prone to fall for phishing attacks. Of those same users, 17.6 per cent will fail within 90 days of completing their first KnowBe4 training. After a year of using the training platform, only five percent of users would fail a phishing test.
OryxAlign has a long-standing partnership with KnowBe4 and has created a managed service that provides the setup, testing and results, using KnowBe4’s extensive library of webinars, quizzes, games and even a Netflix-style TV series.
The service simulates a phishing attack by sending randomised fake phishing emails to employees every quarter. The training is then customised to the level of the user, with users who test poorly being given extra training based on what they did wrong.
