ATD, association for talent development

ATD Blog

Winning Combo: Security Awareness Training and Anti-Phishing Training

Fri May 27 2022

To reduce the risk of a cyberattack, organizations must confront the fact that humans are their biggest risk. With limited memories and susceptibility to emotional pressure, employees are prone to making mistakes that make companies vulnerable. The best way to protect your organization from cyberattacks is to train your employees regularly so they have the relevant knowledge and skills to remember what to do if confronted with a potential attack.

Cyberattacks are everywhere. The IBM/Ponemon Institute’s 2021 Cost of a Data Breach report calculated the average data breach costs in 2021 to be $4.24 million, a 10 percent rise from 2020 findings. Moreover, costs were even higher when remote working was a factor in causing the breach, increasing to $4.96 million. The United States was the top country for an average total cost of a data breach for the 11th year in a row.

Business email compromise (BEC) was responsible for only 4 percent of breaches but had the highest average total cost of the 10 initial attack vectors in the 2021 study, at $5.01 million. The second costliest was phishing ($4.65 million), followed by malicious insiders ($4.61 million), social engineering ($4.47 million), and compromised credentials ($4.37 million). All of these statistics could be decreased with proper security awareness and anti-phishing training.

What Is Security Awareness Training?

Security awareness training (SAT) is an indisputable need for any company with employees and an online presence. SAT programs play a significant role in creating a security culture by teaching all aspects of cybersecurity and regulatory compliance procedures that are crucial to protecting organizational computers and other devices, systems, and data. Leading courses present best practices in an engaging and memorable way so learners understand the methods and are motivated to carry them out daily. A comprehensive program should cover these topics, including the whys and hows of:

  • Basic security hygiene, including IT policies
  • Remote workspace and home office security
  • Business email compromise
  • Mobile device security
  • Cybersecurity while in public (proper use of VPN)
  • Data privacy, classification, handling and protection
  • Spotting and thwarting malware
  • Password protection
  • Social engineering scams
  • Online security

Numerous laws and industry regulations require security awareness training to ensure that employees have been taught basic security practices that protect organizational data. For example, HIPAA and the Gramm-Leach-Bliley Act (GLBA) both have security awareness training requirements, as do PCI DSS and ISO/IEC 27002. In addition, employees of the federal government and many state governments are also required to take annual SAT.

What Is Anti-Phishing Training?

Anti-phishing training is another essential cybersecurity topic for employees. Phishing attacks have increased exponentially over the last decade and can be quite sophisticated and difficult to detect. Targeted messages, known as spear phishing and business email compromise, deliberately use tactics that evade anti-phishing software filters and often come from hijacked legitimate business email accounts. They are commonly used for information gathering, and people share confidential details because there are so few indicators that the messages are illegitimate.

Use security awareness training to educate your staff about common dangers, such as unsecured networks and password reuse, while also demonstrating secure behaviors like using multifactor authentication, regularly backing up data, and avoiding printing sensitive data (especially when working from home).

For more information on security awareness training and anti-phishing training, check out available courses from Global Learning Systems in the OpenSesame course catalog.

Editor's note: This post is adapted from a post that originally published on the OpenSesame website.
