Security awareness training must be the foundation of “cyber culture”

Businesses can no longer rely on technology alone to mitigate the risks that come from cyber threats, especially while many workforces work remotely through the pandemic, according to Giacom Product Manager Daniel Warelow, who says cybercriminals are using change sparked by COVID to their advantage.

He thinks that the channel plays a key role in the fight against cybercrime, as organisations cannot be expected to stay one step ahead of cybercriminals and adapt to new threats on their own. By relying on the help of their MSP, businesses can feel confident that they have the right education and tools in place to combat the risk of cyber attacks.

“There remains a large cyber skills gap across many businesses, and with the immediate move to remote work over the last 12 or so months, being away from the help of on-site IT teams, organisations are more vulnerable than ever. Finding the right vendor and solutions to tackle these evolving threats is crucial, and end-user organisations need to work effectively with Managed Service Providers (MSPs) to stay ahead of the attackers. This enables MSPs to become trusted IT security advisors for the businesses they support, helping them to create a secure business and custom-fit security approach”, he said.

In addition, to meet growing cybersecurity threats to organisations, channel partners can increase their value to their customers by ensuring they have the right security solutions and training programmes in place across their existing portfolio. MSPs must take a proactive role in understanding the current state of a customer’s ability to protect against, prevent, detect and respond to modern cyber threats when recommending the best approaches to being cyber resilient.

By addressing “pain points” and providing assurance around the security of their working environments, partners can build and strengthen the relationship with their customers, while recognising the opportunity surrounding the related additional revenue streams.

“Employees are a vital part of any business’s security strategy – they are the soldiers on the front line in the battle against hackers. However, if they are not educated or trained in what to look out for when it comes to security, the human can also become the open gateway for cyber attacks to take place, playing upon user vulnerabilities”, Warelow said.

When working from home, users have additional pressure to work harder and faster, which is when more mistakes can happen. Apparently, 95 percent of cyber security breaches are due to human error, demonstrating how dangerous humans can be. These internal business risks, such as sending an email to the wrong person or with an incorrect attachment, can harm a business – not only in terms of financial repercussions, but also its reputation, he said.

 

“These programs are designed to help users understand the role they play in helping to combat security breaches. Additionally, using phishing simulations, as part of the wider security strategy, will help to provide realistic situations that often occur, particularly via email, that employees must be aware of. Further, training allows businesses to assess the nature of the workforce regarding its security awareness posture, and provide employees with the information to understand the dangers of social engineering attacks and how to take appropriate actions to protect themselves and the organisation”, Warelow said.

Security awareness training should not be a one-size-fits-all approach. Instead, training should be continuous and tailored to each user’s unique vulnerabilities, creating an optimised and effective cyber strategy. Once any cyber weaknesses in the workforce have been highlighted, they can be targeted through educational resources to ensure that the human is aware of such risks, knows how to detect them and, more importantly, knows how to reduce the likelihood of an attack. Regular training, in addition to complementary security tools, can provide a “layered” defence.