By Sara Sosnowski, courtesy of SBAM Approved Partner ASE
We have all sat through trainings on the latest and greatest technologies that our organizations are implementing, but when is the last time you attended a training on cyber security? Technology is constantly evolving and while that means more convenience and productivity it also has opened new doors for cyber criminals to get into your systems and access your information.
The Chubb Cyber Index claims that data shows there has been a 1,215% increase in the number of commercial cyber insurance claims over the past 10 years. However, Chubb’s Third Annual Cyber Risk Survey found that only 31% of employees reported that their employer provides them with company-wide trainings and education on cyber security annually. Even though the risk of cyber-attacks continues to be a big concern for employers and employees alike, there is a disconnect between recognizing the risks and taking the appropriate steps to minimize them.
The survey points out that while individual employees are increasingly aware of cyber vulnerabilities and exercise some best practices, they often don’t recognize different sources of exposure and cannot spot incoming attacks. While 54% were able to define ransomware, it was the only common form of attack that was correctly identified for most.
-
59% could not identify credential stuffing, an attack by cyber criminals to programmatically target a single online user using an email address and multiple password attempts.
-
72% could not identify Emotet, a type of malware which is designed to steal financial information and online banking credentials.
-
74% could not identify Ryuk, a new strain of ransomware that infects the victim’s main computer systems and hides itself as a legitimate VPN user.
With the increase in cyber attacks your employees are now on the front line of protecting your business and without educating them on what to look for they will be unprepared to do so. Only 19% of employees said that they learned about cyber security protections through their employers. More than often they are learning from mainstream media (35%) or family and friends. (34%).
As the report states, “As cyber criminals become increasingly sophisticated in their efforts to breach company systems, a general understanding of these common attacks—and how they are enacted—can be extremely valuable. By requiring employees to undergo annual trainings, much of which can be conducted online and limited to an hour, employees may be able to identify breach warning signs before they become full-blown attacks— allowing companies time to potentially intervene before significant losses occur.”