5 Reasons to Prioritize Security Awareness Training in 2018

Victims of cyberattacks are in the news nearly every day. These organizations are big and small, and they span sectors from healthcare, finance and utilities to local government and entertainment.

In its 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders, that is, employees or others with internal access to an organization’s systems. Of those, three-quarters involved malicious intent and one-quarter involved inadvertent actors. In other words, the role that insiders play in the vulnerability of all organizations is growing.

Security awareness training puts both employees and management on the same page when it comes to IT security and the roles that they play in it. It helps organizations to better understand IT governance, to handle incidents when they do happen, and to respond to customers’ concerns. Most importantly, security awareness training can reduce the impact of a security incident, or even help to stop an incident from happening.

If that isn’t enough to convince you, here are five more reasons why security awareness training should be a priority on your organization’s to-do list for 2018.

Social engineering, where an attacker uses human interaction and other social techniques to compromise information about a system’s users, continues to be the go-to strategy for cyberattackers. An attacker may seem unassuming or even official by posing as a fellow employee, help desk technician, or researcher by phone, email or in person, but in the end, the attacker is able to piece together enough information to infiltrate an organization’s network.

No matter the tactics, social engineering attacks leave far less of a digital trail behind them and often take far less energy to conduct than a technical exploit. These factors combine to make these attacks on your organization’s weakest (Read more…)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Patrick Mallory. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/kd8PGPNJnxw/