Ransomware and phishing remain the top two cyberthreats today, a fact that many different studies will attest to, and often, human error is to blame for successful breaches. Cybersecurity awareness training has become essential for business, but it is often an exercise that is not given sufficient attention because the liability for a breach has been limited. However, recently a new precedent has been set, withto an individual who lost money due to a manipulated email from the firm.
The plaintiff’s argument centred on the fact that ENSafrica owed her a duty of care, and a legal responsibility to warn her of the dangers of BEC, and that they should have made use of secure channels to send banking details, rather than unencrypted channels and unsecured PDFs. It also emerged during the trial that cybersecurity training was inadequate at the firm, despite the growing threat landscape.
This also cannot be a generic exercise, because there are specific potential risks and scenarios that will apply to different businesses. An individualised risk assessment is essential, as is developing a playbook on how to deal with potential threats. Knowing the risks, planning the response and having processes in place to deal with threats is imperative.Knowing and planning are not enough unless all staff are also aware of and trained on the risks and the procedures to follow.
This is typically not a core skill for most businesses, which is where an expert outsourced provider can assist. A cybersecurity expert can assess risk, compile a complete training plan covering all components, and implement measurements to test these, as well as tailor training to individuals depending on their role and risk.
With cybercrime continually on the rise, and businesses now being potentially liable for the financial losses of clients as a result of breaches, the importance of cybersecurity awareness has never been more evident. A focused, specific, and effective approach is essential in ensuring organisations play their part in protecting against cyberattacks.