Cybersecurity Awareness Training
Knowing is half the battle

For many people, the thought of cybersecurity and cyberattacks conjures up scenes from movies like ‘Hackers.’ When those movies were made, the internet was still in its infancy and much less of our world depended on it.

Today, it is a very different situation. 

Even before the coronavirus pandemic pushed us further online as we try to social distance, much of our daily lives was run and/or facilitated via digital solutions on the internet.

In our personal lives, this involves all the apps and websites we use on our various devices. In our professional lives, this involves the digital solutions your organisation uses to collaborate with each other, engage with customers, and do business with other companies. 

In our highly networked society, your daily business activities may not put you behind a computer, but invariably, in the 2020s and beyond, your business relies on digital solutions to operate. These could be as commonplace as online banking and payment services, or more complex solutions like customer databases, inventory management and supply chain systems. If they are connected to the internet, they are under threat.

Just as much as these digital solutions provide an advantage, they also carry with them risks that need to be understood. Those risks are the chance that some unauthorised person or group could access those digital solutions, and use them to harm your organisation or your customers. We can all agree, this is unacceptable.

In this series of articles and their accompanying videos, we will provide resources and best practices to help your organisation train its staff on creating cybersecurity awareness. You might be asking, “Why train my staff and not purchase some fancy, AI-powered, hacker-busting super system?”

Let’s find out why. 

Why Cybersecurity Awareness Training is Necessary

You can’t operate your business without employees, making them indispensable. But because they interact with your systems on a daily basis and they have varying levels of technical literacy, they also represent the greatest threat to your security. 

And oftentimes they aren’t even aware of it.

The "People" Problem

You could spend so much time and effort on getting the right technology in place and setting up an expensive security department, only for your employees to be the entry point for cybercriminals. 

Some employees choose easy-to-remember passwords that are less secure. Some employees use the same password across multiple accounts. It makes remembering the passwords easier, but it also makes it possible that a hacked account (a marketing tool, for example) could give access to a more critical business system.

Without being aware of what to look for, even your email inbox could be a minefield. Some employees are more easily fooled than others, which is why phishing scams work so well and are the main method cybercriminals use to gain access.

Figure: Top 30 passwords in the world (30 of the most common passwords, in English).

Before we move on to the first section of our cybersecurity awareness training on password security, I want to take a moment to impress upon you the necessity for this with some facts and figures.

Cybersecurity Facts and Figures

According to Verizon’s Data Breach Investigations 2019 report, 81% of all data breaches were caused by “weak passwords” being compromised [1]. In the last few years, cyberattacks have not been so much about directly stealing money or selling off valuable data; they’ve mostly been about holding data and systems ransom. Why? Because it’s a quick payout using cryptocurrency.

Source: Cloudwards

The average ransom demand in 2020 is $178,000 [2], but for small businesses, the average is only $5,900 [3]. Don’t think this difference is out of the kindness of the attackers’ hearts; this is what they think they can get away with.

Weak passwords and phishing attacks have been instrumental in giving cybercriminals access to these systems. Unfortunately, because this method is very effective, it has gained in popularity, and there are now a lot of automated tools out there for cybercriminals to choose from. Performing a ransomware attack does not necessarily require a high level of skill, and so it attracts low-skilled opportunistic groups and “script kiddies.” Some ransomware kits go for as low as $50 [4].

The three most common ways ransomware is delivered are ransomware emails (phishing emails), software vulnerabilities and server weakness exploits [5]. In phishing emails, attackers will often attach a file infected with the ransomware. Annoyingly, the most common infected file formats are the very commonly used .DOC and .DOT extensions for Microsoft Word documents.

Increasing cybersecurity awareness is not only about protecting your money and intellectual property: 2020 became the first year that someone died from a cyberattack [6], and it was due to a ransomware attack.

If you aren’t training your staff, then you are missing a huge opportunity to boost your security. Understandably, not every organisation has the time, money or resources to invest in creating a cybersecurity awareness training program from scratch. It’s with this in mind that we’ve created this series of articles and videos for you to use. Whether it’s using this information to support you in creating your own training program or directly sending these videos or presentation to your staff, what matters most to us is that you take action to protect your business from cybercriminals.

Below you can find buttons to download the presentation for your own use, or a video of our presentation.

More sections will be added as they are made. Check back frequently, and follow us on social media to be notified when this page is updated. The next sections will cover Password Security and Phishing Scams.

References

[1] http://blog.lastpass.com/2019/05/passwords-still-problem-according-2019-verizon-data-breach-investigations-report/
[2] https://www.coveware.com/blog/q2-2020-ransomware-marketplace-report#1
[3] https://www.datto.com/resource-downloads/Datto2019_StateOfTheChannel_RansomwareReport.pdf
[4] https://nakedsecurity.sophos.com/2017/12/13/5-ransomware-as-a-service-raas-kits-sophoslabs-investigates/
[5] https://www.coveware.com/blog/q2-2020-ransomware-marketplace-report#1
[6] https://www.nytimes.com/2020/09/18/world/europe/cyber-attack-germany-ransomeware-death.html

We’re spriteCloud, a leader in software and cybersecurity testing.