Ensuring that your employees have the correct skills to protect your organisation is essential in this day and age. An Information Security Awareness Program will help you make sure that they are well prepared.
The 2019 Data Breach Investigations Report (DBIR) published by Verizon noted that 33% of all attacks are Social in nature, meaning that they involve the use of employees and users in order to attack or gain access to a system. This report is built on real-world data from 41,686 security incidents and 2,013 data breaches provided by 73 data sources, both public and private entities, spanning 86 countries worldwide, and is considered to be a great source of data for security professionals.
Social Attacks, or Social Engineering as it is known, involve the abuse of the trust of a system's users in order for an attacker to gain access to an organisation's internal assets. It is important to note that attackers using this form of attack do not necessarily require any technical skills to breach a system, but instead rely on the trust of, or mistakes made by, company insiders.
33% of all attacks are Social in nature
The most prevalent form of Social Engineering is Phishing, whereby all an attacker needs to do is send an email, possibly containing a malicious link or attachment, to attempt to gain access to an organisation’s internal network, steal money from the organisation, or just gather further information about an organisation or individual.
It is because of these threats that every organisation needs to teach their employees about basic security and the threats that lurk in the depths of the internet. That’s where we come in!
Your employees are the true front line for the security of your organisation!
The aim of an Information Security Awareness Program is to:
- Set up interactive security training sessions for your employees
- Tailor these sessions to the needs of your organisation
- Implement testing before and after to gauge the overall security awareness of your organisation
The end goal of all of this is to instill a sense of security within the culture of your organisation and, in turn, raise the overall level of security across the organisation.
Some examples of general topics that training sessions will cover are as follows:
- Phishing attacks and how to spot them
- Common social engineering practices and how to spot them
- Secure data handling
- Wireless network security best practices
- Mobile device security best practices
- Real-world security incidents and breaches and lessons learned
- Passwords and multi-factor authentication