Why you need 2018 End User Security Awareness Training
Date: Jan 3, 2018
When it comes to cyber security, end users are both the prime target and the weakest link in any organisation:
* They respond to emails that have been highly personalised
* They click on malware-infected links that look legitimate
* They follow through on requests from what they think is their senior management
It’s not unexpected – employees are human and make human mistakes.
To protect your end users and your organisation, here are the top four reasons why it’s imperative that you train and test your end users in 2018:
1. Social Engineering
The No. 1 go-to strategy for cyber criminals. We can show you how quick, easy and cheap it is to create an effective spear-phishing attack. Cyber criminals are targeting your employees – the weakest link in IT security and your last line of defence.
2. Search Results Tampering
End users rely on search engines to find information, and can be exposed to compromised websites as a result. Search result tampering – producing search results that direct users to a website that has been compromised – isn’t new, but we believe it will gain momentum over the coming year. When an end user clicks on what they think is a safe link, malware infects their machine and redirects them to a bogus site, where their personal details can be harvested.
3. Ransomware
While ransomware isn’t going anywhere, its deployment tactics and targets will most likely change. We expect to see more custom-made ransomware attacks that focus on high-value targets. In addition, ransomware, which has relied heavily on email as its delivery mechanism (and always will), will evolve to find new ways to get into your network. These methods could include “smishing” (text message) or “vishing” (voice).
4. Compliance requirements
End user security awareness training has already been recognised and adopted by security-savvy organisations. However, with new compliance requirements coming into force in 2018, security awareness training is no longer an option. Ask us about our awareness training for GDPR.
Our recommendation for the year ahead is to ensure you have a layered security approach in place:
* First and foremost, train your end users.
* Prevent CEO fraud by looking at your internal security Policies & Procedures.
* Make sure your email and web gateways are secure and include URL filtering (and that they are tuned properly).
* Endpoints must be patched and have next-generation, frequently updated security layers.
* Employees who handle sensitive information must use two-factor authentication.
* Check your firewall configuration to make sure no malicious outbound traffic is allowed to reach command and control servers.
These steps are not a fail-safe, but they are good steps toward protecting your organisation and your end users (and your customers and partners).
Put them in place now and keep up with them throughout 2018 to keep social engineering and ransomware threats from becoming successful attacks.