Organizations worldwide are expected to spend close to $100 billion on cybersecurity in 2018, up from $86.4 billion in 2017. While most companies see their cybersecurity spending as justified because they believe shiny new technologies can protect them from anything, they are wrong.
According to BakerHostetler’s 2017 Data Security Incident Response Report, which incorporated data from 450 breaches, 32 percent of all cybersecurity incidents were initiated by human error, 25 percent of attacks involved phishing and 23 percent were initiated via ransomware. Finally, 21 percent of cybersecurity incidents occurred due to lost or stolen devices and internal theft.
“No matter what technology we put in place, no matter how much money we spend on protections for the organization, we still have people, and people are fallible,” said Theodore Kobus, leader of BakerHostetler’s Privacy and Data Protection team. “Companies should really ask their workers if they realize they are walking around with sensitive corporate data,” advised Niklas Savanda, Nokia’s Senior Vice President of Enterprise Solutions.
But addressing the true weakest link in cybersecurity – employees – poses a significant challenge for organizations as there is no one-size-fits-all approach to cybersecurity readiness. For example, companies should teach their employees that modern phishing scams have many different and often highly intricate forms, none of which mentions the Nigerian prince or a large inheritance.
Businesses should also address the fact that employees are used to bringing their own devices to the workplace and can’t imagine having it any other way. While it’s relatively easy for companies to enforce stringent password policies and mandate that all smartphone users who want to access the network let the IT staff remotely erase sensitive data in the event of a theft or loss, such practices often lead to cultural resistance to security overreach and a loss of productivity.
What’s worse, small to mid-sized businesses (SMBs) often lack the resources necessary to successfully enforce such policies in the first place. Instead of investing their entire cybersecurity budgets in new technology, organizations should boost their first line of defense against modern cyber threats and take advantage of Security Awareness Training services offered by Vology.
Vology’s Security Awareness Training service provides a cloud-based platform where companies can test their employees against common data security threats. Our social engineering platform features video training coupled with simulated phishing campaigns, gamification mechanisms, detailed reporting and analytics.
Vology has helped countless businesses of all sizes achieve unparalleled efficiency by freeing up their time with our comprehensive range of services, all of which are offered at competitive prices and with our personal approach to customer service, which has earned us a place among the top 25 managed service providers in the world on the MSP 501 list.