When we hear about a “cyber attack” in the news, a similar image comes to mind for everyone. It is probably some guy located in a country overseas, hunched over his computer, hacking away. These cyber awareness stories are typically what we hear about in media, however, what many are not aware of is that most cyber attacks stem from within an organization. According to a new survey released earlier this month, almost 7 out of 10 cyber attacks originate from someone inside the company. Because those within an organization have access to company passwords and data, insiders threats can be some of the most difficult to detect. Insider threats are not always malicious and can be caused by even the smallest degree of human error on behalf of the end user. This is why I recommend data driven cyber awareness training.
While this statistic above may seem alarming, it can be a sigh of relief to executives and security experts focusing on solving cyber awareness training. By focusing their cyber security efforts on educating employees, they can mitigate up to 70% of their cybersecurity risk! Recent trends in the cyber security training space show that the industry is moving in that direction. According to Gartner, cyber security education will grow to become a $1.5 billion industry by 2018 from a mere $240 million in 2016. When it comes to cybersecurity, employees can be an organization’s largest risk or their greatest line of defense. Through employee education, security experts can increase awareness and compliance, while simultaneously decreasing their cyber-risk within their organization. It is very important to implement cyber security threat awareness programs throughout your organization.