The Responsibility of Cyber-Security Should Begin at the Executive Level

August 15, 2016   //   Security

According to a recent survey from cybersecurity firm Tanium and the Nasdaq, 90 percent of execs admit they are not prepared to handle a major cyber-attack if it were to happen, and 40 percent don’t feel that cybersecurity is their responsibility (1).

As cybercrime continues to impact businesses of all sizes at an alarming rate, the responsibility of preventing an attack should not be placed solely on the IT department; rather, it should be driven as a company-wide initiative.

According to the Center for Strategic and International Studies, $445 billion was stolen from companies all over the world due to poor cybersecurity defense last year alone (2). Cyber-attacks, especially those targeted at end-users through phishing, have not only become more sophisticated but have also increased in frequency and severity.


The User Is Your Biggest Weakness

Humans remain the path of least resistance when it comes to accessing your company’s most valuable assets. A study conducted by the Georgia Institute of Technology found that 90% of people can’t identify phishing emails (3). Based on our extensive research and countless security assessment tests conducted for our clients, we’ve found that, on average, about 50% of users will click on a malicious link. Keep in mind, all it takes is just one click for a company to fall victim to a phishing attack.

You Have Already Been, or Will Be Breached

While data breaches in larger organizations like Sony and Target make headlines, hackers are attacking organizations of all sizes. Incidents detected by midsize U.S. organizations have led to an estimated average financial loss of $1.8 million per company annually, according to PwC, CSO magazine (4). The true loss is likely far higher, considering a majority of attacks (up to 70%) go undetected (5).

In today’s digital world, cyber threats will continue to multiply and add pressure to the security defense of an organization. The use of the Internet, advancements in mobile devices (in combination with bring-your-own-device) and the adoption of new applications are all increasing the number of points of access to your data and, in turn, motivating a new crop of cyber criminals who are eager to leverage these relatively low-cost, low-risk approaches to stealing your company’s most valuable assets.

The following statistics illuminate how bad the phishing problem has become:

  • Approximately 500 million computers are infected by hacker-controlled networks (known as botnets) each year, translating to 18 victims per second (6)
  • The average user has 3-4 devices (7), many with access to your organization’s data
  • 140 million new pieces of malware were created in just one year (8)

How to Protect Your Business Against Cyber Crime

The defense against cyber-crime begins at the root – your users. Shore up your weakest link by testing, educating and repeating this process.

  1. Test: Run a social engineering test and a phishing campaign against everyone in the organization – no exceptions.
  2. Educate: Provide user awareness training to all employees, contractors and partners. Use the results from the test to show the reality of risk to your business.
  3. Repeat: Run the test and training program regularly.

The time is now for executives to start making security a top priority. Learning about the types of phishing attacks being used and the steps you should be taking to protect against cyber-crime is essential to securing your company’s future.

To learn more about SWC’s Security Awareness Training program or to speak to our security experts on what it takes to protect your business from today’s biggest threats, contact SWC or attend our next technology event.


Source: (1) (2) (3) (4) (5) (6) (7) (8)