Greater focus on security training needed

Research shows that 74 per cent of all data breaches include the “human element”, meaning a person plays a role in the issue.

This is why security training is so important. KnowBe4’s 2023 Phishing By Industry Benchmarking report discussed why companies need to invest in the training of their employees and not be reliant on technology as the only means to protect information.

“As the human layer continues to be the most enticing attack vector, criminals are showing their willingness to search for any weakness, targeting employees in both professional and personal settings,” said KnowBe4.

“Sadly, most organisations continue to focus on technology-based security layers while ignoring the human layer. Additionally, most humans remain vulnerable because they don’t take precautions in their personal lives to prevent being compromised.”

According to the report, in Australia and New Zealand, phishing is the most successful form of attack from cyber criminals. This includes ransomware, fraud, financial and identity theft, and business email compromise (BEC).

The Australian Cyber Security Centre’s ACSC Annual Cyber Threat Report, July 2021 to June 2022, revealed that there were 76,000 cyber crime reports made in the period. That’s one report made every seven minutes.

There was also a 25 per cent increase in the number of publicly reported software vulnerabilities, an increase in financial losses due to BEC to over $98 million, and an average loss of $64,000 per report.

As a whole, the Australian Competition and Consumer Commission (ACCC) found that 2022 saw $526,292,444 lost to scams in the country, up from $323 million in 2021.

This shockingly large number proves why businesses need to do more to protect their assets.

KnowBe4 continued: “Most humans remain vulnerable because they don’t take precaution in their personal lives to prevent being compromised.”

“Cyber threats continue to grow as criminals rely on the tried and tested attack methods while developing new, more sophisticated ways to infiltrate digital environments and minimise the effectiveness of your human defence layer.”

“To best defend your organisation from a cyber attack, employees must have the knowledge, adapted habits and behaviours necessary to drive a culture of security. Training needs to be transformed into something more developed, consistent and instinctive,” said KnowBe4.

With this in mind, organisations and their IT departments need to place greater emphasis on training and awareness. Relying on technology to prevent issues only weakens your security and can mean greater losses if an attack happens.

KnowBe4 listed three key takeaways businesses should build upon:

1. Educating everyone about basic cyber hygiene must be top of the agenda to bring awareness.
2. Providing consistent guidance and support to all organisations regardless of their size, as they are all a target.
3. Implementing ongoing relevant and engaging security awareness training supported with ongoing simulated phishing emails will shift us to the desired outcomes.