Tackling the Biggest Threat to Cyber Security: Your Staff

It’s clear to see we’re experiencing a significant rise in the number of cyber-attacks.

We tell Google everything thanks to the questions we ask our search engines on a daily basis so it’s a pretty good place to start when charting the growth of concern about cyber security in recent years:

The number of searches for cyber security related terms in December 2017 in the UK was 57,590. This number had grown to 59,950 in December 2019 – and then by November 2021, had almost doubled to 105,440 – source: Google Keyword Planner

That said, the events of the past two years were inevitably going to spark a rise in cyber-attacks – mainly because we’d all moved online. Even the most traditional tasks in day-to-day life and within the business world were digitalised. In the very infancy of national lockdowns in Spring 2020 the CEO of Checkpoint told the Israeli American Council that: “We need to prepare ourselves for the upcoming cyber pandemic.”

COVID-19 did, in many respects, unleash a new set of challenges for national defences and businesses alike, heightening the existing threat of cyber-crime.

Perhaps the most alarming of all reported cyber-attacks, however, were those reported by the World Health Organization during the early weeks of the pandemic. In April 2020, the WHO detailed that cyber attacks to their systems had increased fivefold – during what was already an incredibly turbulent and uncertain period.

The impact on business

When you dig deeper into the statistics surrounding cyber-attacks and the effects they can have, the severity of this challenge really begins to present itself.

One in every 3,722 emails sent in the UK is a phishing email.

One small business in the UK is hacked every 19 seconds while every day 4,500 out of 65,000 attempts to hack SMEs are successful. According to government statistics released in October 2021, there are 5.6 million businesses in the UK, which suggests that 0.08% of businesses are hacked each day.

33% of businesses have also gone on to describe how, once a cyber breach has taken place, they have lost custom, highlighting the detrimental impacts these events can have.

Accenture has warned that complacency could be the downfall of many business leaders when it comes to cyber security, particularly as we journey on the meandering path of the pandemic. Deloitte meanwhile has detailed the continued threat we can expect in a post-pandemic world and highlighted that businesses can’t simply react, rather they must be proactive in stopping attacks.

That’s not to suggest, however, that businesses are being negligent at present. In fact, in 2020, medium-sized companies invested almost £800 million in cyber security. The question is, though, where’s the threat coming from?

Source: statista.co.uk

The cyber security threat on your doorstep

The real threat, as we’re sure you’re aware, is us, humans. The average Brit is currently spending 3 hours 37 minutes a day on smartphones, tablets, and competitors – we’re a walking risk.

Despite a number of cyber attacks succeeding through the infiltration and manipulation of network vulnerabilities, a significant amount, and in many cases, the most dangerous, come at the hands of human emotion or error.

LinkedIn Pulse Writer Ali Dhoon writes: “While you’re caught up in deploying a robust cyber security posture that’s built using comprehensive security solutions, there is a possibility you may overlook mitigating the weakest link in your fight against cyber criminals – your employees.”

But, what do you need to be aware of?

• Social engineering is effectively cyber criminals deceiving someone into giving away their personal or private information including passwords and alternative login credentials
• Phishing usually comes in the form of an email and often, like clickbait, uses persuasive messaging to encourage a user to open it
• Ransomware attacks often occur after the hacker has gained access to the network – they will demand a ransom be paid to return access to the initial user

The difficulty is that many businesses invest heavily into the actual cyber security software and systems without investing in the capabilities of their staff to recognise or manage such a crisis or threat when it presents itself.

Tackle the threat now

Symantec recently reported that 90% of all cyber threats come from email and with more staff working from remote locations, the risk from this is inevitably increased if they aren’t properly trained in security. Take, for example, business meetings that result in employees working from coffee shops, train stations, or simply using public Wi-Fi systems – the data stored on your devices could be compromised unless each employee takes appropriate precautions.

A Gartner study recently found that 47% of organisations intend to allow their staff to work remotely on a full-time basis post-pandemic with 82% of businesses suggesting they will allow at least one day a week out of the office. Beyond the walls of the office and the strict systems that businesses have in place, it should come as no surprise that viruses and breaches have more chance of infecting your devices and ultimately stealing or corrupting private information.

Is one training scheme enough?

This is by no means a one-time quick fix that will militarise your staff in the battle against cyber-crime – rather you need to invest in the development of a culture that thrives on protection against threat.

Are you aware that in order to bid for government work such as MOD contracts now, your business must be certified as cyber secure through the Cyber Essentials qualification? This highlights how seriously major public sector organisations are taking data protection.

Don’t shy away from cyber security training because it appears costly and time consuming – a cyber attack that’s harmful enough could spell the end for a business. You and your employees must work as one – you providing the necessary training and they the commitment to keeping the business safe.