The latest data from IBM shows that the average cost of a data breach has gone up by 2% to a whopping $4.45 million. You would think that in the cybersecurity industry, people would be all about safety and security, right? I mean, it's literally in the name.
But here's the kicker: more than half (55%) of cybersecurity professionals have admitted to being risky when it comes to their cybersecurity practices at work.
Security professionals are the ones supposed to be setting the example and keeping their organization secure. I guess modern cyber threats don't discriminate, so even security professionals need security awareness training.
You know what's even more concerning? A study found that many organizations only hold security training once a year or once a quarter.
If the very people responsible for keeping our systems secure are engaging in risky behaviors and not taking the necessary steps to protect themselves, that's not good. We've already seen major breaches caused by human error, so we can't afford to be slack about remaining vigilant.
Let's face it: every employee is a potential door for hackers. They're the biggest risk factor. Just look at all the social engineering attacks. That's why it's crucial to educate the workforce on security best practices. We need to discourage risky behavior.
What counts as risky security behavior? There are 10 identified behaviors, including opening sketchy email attachments, watching movies or taking company data without permission.
It's crucial that organizations create a strong security culture. It's not just about warning employees about threats; they must also understand how to prevent security issues.
Strengthening security culture is vital if we want to lower the risk of cyber attacks. We have to change mindsets, behaviors and the overall way we think about security. It's all about seamlessly integrating security best practices into everything we do, tailoring them to every situation.
Luckily, there's a new technological approach to assist us. It focuses on identifying and responding to threats caused by human actions, like phishing and social engineering. It even involves automated real-time coaching. This is a game-changer compared to traditional security training.
At the end of the day, cybersecurity should be a concern for everyone in the organization. We need every department and every employee to be vigilant and prioritize appropriate responses to potential threats. If we can achieve that, we'll be in a great place to tackle any security challenges that come our way.