You may not be aware that the Wall Street Journal recently created a separate WSJ Pro Cybersecurity newsletter in the form of a regular email with relevant news.
Of course I subscribed to it, and today Rob Sloan, cybersecurity research director at WSJ Pro, wrote some important observations related to raising Cybersecurity Awareness.
I also recommend you let your C-level execs know that this subscription exists and suggest they subscribe. This is always very good information in understandable language. They can be contacted at: pronewsletter
Here are a few snippets from the column that I thought were interesting to share!
"Security experts regularly denounce humans as “the weakest link in security,” but this is unfair. If a user receives a malicious email and clicks on it, it is the result of a failure of a series of security technologies designed to detect and block them. User awareness is only intended to be the last line of defense when security technologies fail."
Very true! And we all know that even the best filters regularly fail, so a human firewall as your last line of defense is crucial. Sloan continues with some excellent ammo for more security awareness budget:
"User awareness can bring significant savings by protecting organizations from financially motivated attacks such as Business Email Compromise. A single BEC incident can cost millions of dollars. The Austrian aircraft part manufacturer FACC AG fell victim to this scam in 2016, costing the organization $47 million and resulting in the chief executive’s dismissal. BEC fraud cost U.S. businesses roughly $5.3 billion since 2013, according to a report this month from the Federal Bureau of Investigation."
Obviously these are things that we have been covering here for years. BEC is also called CEO Fraud, and the costs are hair-raising. One last quote from Sloan I thought was not just ammo but budget rocket fuel!
"An effective user awareness program can also be a useful defense against lawsuits following a breach. It allows companies to argue they made reasonable efforts to educate their employees with the aim of preventing attacks and subsequent data breaches. [...] Awareness training is no silver bullet. It is designed to empower users to spot attacks that slip through the net. We are all vulnerable to a well-crafted attack hitting us at the wrong moment. The difference is how an educated user reacts."
We could not agree more, and again I recommend that your C-level execs get a subscription to the WSJ Pro newsletter.
I also strongly suggest you get a quote for new-school security awareness training for your organization and find out how affordable this is. You simply have got to start training and phishing your users ASAP. If you don't, the bad guys will, because your filters never catch all of it. Get a quote now and you will be pleasantly surprised.
Don't like to click on redirected buttons? Cut & Paste this link in your browser:
https://info.knowbe4.com/kmsat_get_a_quote_now
Let's stay safe out there.
Warm regards,
Stu Sjouwerman,
Founder and CEO, KnowBe4, Inc