Since 1990, when we were introduced to the World Wide Web, the internet has impacted almost every aspect of our lives and the way we do business. The biggest impact has been the change to the way, and the speed, in which we communicate with others, and the amount of information we share. Email, instant messaging, voice over internet protocol (VoIP), web conferencing, social networking, forums and cloud document management enable us to keep in regular contact with friends, work colleagues, customers and suppliers, and to share data with them. The downside is that this has given criminals the opportunity to use the same channels to access our information and data.
Worldwide, cyber attacks are growing in number daily, with experts quoting the cost to be $10.5 trillion annually by 2025, up from $3 trillion in 2015. It is estimated that in 2023 there will have been a cyber attack globally every 39 seconds. The largest cyber insurance payout in the US in the last 2 years was $3.52 million [1].
The main aim of online criminals is to steal money or an identity, whether from an individual or an organisation, and they will go to extreme lengths to achieve this. According to Microsoft, a cyber attacker spends an average of 146 days within an organisation’s network before detection [4]. This can be despite sophisticated security protection software and knowledgeable personnel employed to keep a company’s servers secure, all of which comes at a significant cost. The UK Government’s Cyber Security Breaches Report 2023 [2] states that 69% of large businesses have experienced a cyber attack in the last year. Fewer small businesses have reported cyber attacks, with 32% saying that they’ve experienced an attack. This was thought to be due to the cost of living crisis: cyber attacks have become a lower priority in small businesses, and therefore there has been less monitoring of attacks. When you consider that around 43% of all cyber attacks are aimed at small businesses, it’s important that cyber security is made a priority.
Phishing attacks remain the most likely form of cyber attack, equating to around 80% of all types, with 93% of large businesses reporting having experienced them. The most common form of phishing attack is staff receiving fraudulent emails or being directed to fraudulent websites. A smaller number involve people impersonating another organisation, or viruses. Interestingly, only 10% of large businesses, and 2% of all businesses, have reported unauthorised access to their online systems by people outside their organisation. Some good news is that the UK has seen a fall in ransomware attacks, from 17% to 4% [2].
There are many ways that businesses can identify their cyber security risks and work to reduce them:
1. Tools to monitor security risks
2. Risk assessment
3. Test and train staff
4. Vulnerability audit
5. Penetration testing
6. Purchase threat intelligence
For advice on carrying out a cyber security risk assessment take a look at the National Cyber Security Centre’s information on risk management.
The reason for testing staff with mock cyber attacks is that 70% of all cyber attacks are caused by staff mistakes or a lack of understanding of cyber security. A recent security study found that for 96% of respondents there was an overall improvement in business cyber defences, with a greater level of awareness of the threats among their staff. Delivering cyber security training to staff provides them with the tools they require to reduce the cyber attack threat in the workplace and also in their personal lives. In the last year, 20% of organisations in the US experienced a security breach as a result of home working [5]. But it’s not just homeworkers who will gain from training in cyber security; everyone who uses the internet in their personal lives will also reduce their risk of social engineering and phishing attacks.
For a wide range of online courses to train staff in identifying and dealing with cyber attacks, take a look at our range of Cyber and Information Security training.
Author: Carolyn Lewis, Head of Business Development, eLearning Marketplace
Sources:
1. https://www.getastra.com/blog/security-audit/cyber-security-statistics
2. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023
3. https://www.embroker.com/blog/cyber-attack-statistics/
4. https://www.microsoft.com/en-us/cloud-platform/advanced-threat-analytic
5. https://www.cybsafe.com/blog/7-reasons-why-security-awareness-training-is-important/