Phishing is quickly evolving to take advantage of that most difficult-to-prevent vulnerability: human error. A lack of security awareness can lead to an unsuspecting employee clicking on one innocuous-looking email, launching the cyber-criminal's malignant malware. There goes the network. To put a clear face on the risk, Atlanta’s city-wide shutdown due to ransomware coming in the backdoor of an unpatched port could just as easily have happened because of a click on an attachment or link.
Phishing incidents cost organizations an incredible amount of money and time. From the loss of productivity, to the time spent on the necessary meticulous clean-up, to the impact on business operations, the dollars mount. Surveys and analysis in a Ponemon Institute report show that, on average, a company will spend up to 30 thousand hours (over $1.8 million) on tasks to contain a malware infection. Combine that with business disruption and the loss of employee productivity and you’re up to a staggering $3.77 million per year for the average organization.
Phishing-specific training is a must. Targeted phishing is rapidly rising, both spear phishing, with evidence showing that 91% of cyber attacks start with a spear phishing email to targeted individuals, and whaling, where the targets are executives and the goal is entry to their broader data and financial access levels. The security awareness training you’ve used in the past simply won’t work any longer. Your employees and your company need more.
A secure enterprise calls for a cyber-aware staff.
Despite all of the advances in technology, humans remain the weakest link. Advances in technology need to be combined with human readiness. Security awareness training can no longer be given just once a year. If you truly want security training to make a difference, you’re going to need to conduct it often and creatively.
Effective training saves big money. As in an estimated $1.80 million cost savings vs. the $3.77 million cost of phishing attack containment. So when you’re building your culture of cybersecurity, use the latest training tools to get your employees on board. Know how aware they are today so you can rally them to the next level tomorrow. Train them when they least expect it, expose them to phishing scenarios and change things up!
With Ostendio’s MyVCM, you can track training and each employee’s results. MyVCM generates a certificate of completion, providing evidence of training compliance which can be used for your next audit. We also partner with a number of security awareness training providers to offer phishing, malware and ransomware email campaigns. Contact us today to start building your cybersecurity program.
Not sure where to start?
The NIST Guide can help. We can also provide you with a free copy of Ostendio’s password policy, as an example. Just contact us at firstname.lastname@example.org.