As we look to build our cyber resilience as organisations, we must look at where the risks are coming from. Unfortunately, the avenues under which attackers and cybercriminals find us are constantly changing. Progressively, the method used by these individuals is one that targets other individuals – your people. A classic example of this would be phishing via email.
Other forms of attack are actually in decline – whilst 90% of success cyber-attacks now feature some form of human error.
So, why is this happening? What are the barriers we need to break down in order to overcome this alarming spike in human error related attacks?
- Firstly, we need to accept that traditional training does not impact behaviour. Sitting your employees down and making them watch training on cybersecurity is non-engaging and is proven to be rather ineffective in actually influencing behaviour. Often, these types of seminars or trainings are only undertaken because they are ‘a box to be ticked’ – which is the view that attendees seem to take too.
- Secondly, there really aren’t any metrics or data that can allow cyber-security professionals to ascertain whether training has been effective. Just because people have been made aware of something (i.e awareness that they are risks present), doesn’t mean that the awareness will actively change their behaviour.
- Finally, there is no access to guidance, help and ideas for organisations. At the point of need, users don’t have anywhere to turn.
At Core to Cloud our customers are investing in human cyber risk management solutions aimed to rectify these shortfalls and challenge traditional beliefs. By assuming that users want to learn about cyber security, and that their ‘wrong behaviour’ can be altered, we’re perpetuating the issue. What we actually need to turn the tide on the statistics we mentioned earlier, is a solution that takes 3 things into account: Awareness, behaviour, culture.
This can be done using AI…
“At CybSafe, we’ve introduced AI-machine learning to our unified cyber awareness platform for a few reasons. CybSafe’s AI-machine learning monitors individual security knowledge, individual security habits and individual security attitudes. Importantly, the innovation then tailors security awareness training in response. Those happy to shoulder risk might require additional training. If that’s the case, CybSafe picks it up and automatically offers supplements in response.”
With employees at home and organisations spread across a wider area, protecting data has become even more challenging. That’s why behaviour change is so key in driving the number of attacks down. By improving cyber awareness training, alongside other security providers, organisations can begin to:
- Raise awareness and improve behaviours
- Consult metric for better cyber risk decisions
- Measure culture change and attitudes
- Simulate attacks
- Support people and grow with the latest advice, help and ideas
To find out more about engaging your organisation with innovative cybersecurity and cyber resilience education, speak to the Core to Cloud team today.
At Core to Cloud, we’re passionate about sharing the extensive knowledge base we have at our fingertips.
As always, if there’s anything we can do to help, please get in touch and if you have any specific questions please contact firstname.lastname@example.org