Execs Say Phishing Is Biggest Threat To Business
By: Jim Stickley and Tina Davis
December 18, 2019
A recent report finds enterprise leaders believe phishing is the top threat to their organizations. The State of Security Awareness Training report by CybeReady shows 75% of executives believe email phishing attacks and the poorly trained employees who act on them can spell big trouble for business. Although they believe cyber education for employees is vital to security, 60% of staff receive training less than once every four months. The divide between phishing as a known threat and providing the proper training needed to avoid being the next victim has yet to be bridged. The future success of an enterprise may depend solely on an employee knowing the signs and signals of a phishing email.
Investing in systems security is a big part of staying safe and should be continually updated to address new and trending threats. However, 58% of decision makers believe awareness training surpasses technology solutions, and that investing in educating employees is just as important. Although it need not be a financial investment like system security, customized cyber education on a regular, even monthly, basis keeps employees on their toes and aware of ever-changing strategies and methods that hackers continue to refine.
And since it’s not just phishing emails anymore, well trained employees also know that websites and links also need scrutiny and validation before being acted upon. Before hitting that return or enter key, it’s imperative these days to triple check the URL.
Smart and effective awareness training can also teach employees in particular job functions about the unique phishing challenges they may face. For instance, someone working with finances may receive phishing that targets payment accounts. A hacker can create fake emails and invoices from a trusted vendor, and an employee who knows how to tell the difference doesn’t send company funds into a hacker’s account.
Research shows that 60% of small-to-medium-sized businesses fail to recover within six months of a data breach. Smart enterprise leaders know the threats facing an organization are many and their cyber-smart employees know the signs and signals to look for. Occasional employee training isn’t enough anymore and should be part of the commitment a company makes to its current and future cybersecurity efforts. Like using the right technology to keep data systems safe, the right employee education is just as important. Experts agree, a robust plan of regular training that’s relevant, data driven, and memorable a can benefit an enterprise as much as the best system security can.