In a recent article about the largest cyberthreats currently facing the UK, John Edwards, the UK's newly appointed Information Commissioner, talks about the need for a security culture in the workplace.
With so much focus on establishing a security stance that protects the organization from attacks, organizations often forget that some small percentage of a very large number of attacks will get through their defenses unnoticed, leaving the fate of the organization in the hands of an unwitting user who is just trying to do their job.
Despite seeing a 19% rise in the number of cybersecurity incident reports to his office, Edwards still believes that many of these incidents are avoidable, saying "our experience is that many of the issues are preventable and getting the basics right is the first step."
So, what are those basics? Antivirus? Email Scanning? Next-Gen Firewalls?
Edwards says "it's about creating a culture of vigilance." According to his office (and aligning with many other sources I've covered here on our blog), a material percentage of cyberattacks of all kinds start with a phishing attack. On what creates this "culture of vigilance", he notes that "up-to-date staff training is essential to spot and report phishing attempts."
In essence, maintaining a state of vigilance in each employee starts with Security Awareness Training that educates them on the attack methods, current campaigns, and social engineering tactics in use, so that users stay aware and default to a security mindset rather than one that simply takes every email, and its contents, at face value.