
Jan 2023

Your team: the key to preventing cyberattacks

According to the 2022 UK Cyber Breaches Survey, 39% of UK businesses identified cyber security breaches or attacks in 2021, with nearly a third being attacked on a weekly basis. The most common attack vector experienced by UK businesses was phishing, accounting for 83% of attacks. 


Information Security Consultant

Despite 82% of businesses stating that they see cyber security as a high priority for senior management, only 17% of small to medium businesses provided their staff with awareness training on how to detect a potential cyber security threat.


Social engineering and cyber security

The majority of cyberattacks are initiated through social engineering, where an attacker targets personnel and manipulates them into carrying out specific actions or divulging useful information.

This is often conducted through phishing emails, where the attacker may impersonate an organisation’s clients, suppliers, or even staff members such as the CEO or CFO. The goal is to obtain money through fraudulent transactions, or to gain access to the organisation’s systems through compromised login credentials. Attackers using phishing are able to make these interactions so realistic that team members have no reason to be suspicious and ultimately fall foul of their ploys.

Your staff should be at the centre of your cyber security strategy: they are the largest ‘attack surface’ for your organisation, but they can also serve as your greatest defence against cyber threats.

Raising awareness and training your team to be a human firewall makes them more likely to spot potentially malicious activity such as phishing emails, follow best practice in setting secure passwords and protecting accounts with MFA, and consider the security of their remote working environment.


Keep it clean

Basic cyber hygiene principles can mitigate the majority of cyberattacks, so it is crucial that you build a positive cyber security culture in your organisation. This will keep your staff engaged, encourage them to report incidents without fear of repercussions, and allow for actual or suspected cyber security incidents to be raised, triggering an incident response process. 


All aboard

Regular, bespoke awareness training is vital in helping to bolster your team and cyber security defences. This not only protects your organisation, but also demonstrates that you value and recognise the importance of your staff.

At Waterstons, we offer a wide range of products and services to help you raise awareness and reduce the likelihood of a cyberattack, including:

  • Creation of bespoke awareness training, delivered in person or remotely, covering the current threat landscape (including threats relevant to your industry) and industry best practice in line with guidance from the National Cyber Security Centre (NCSC)
  • Partnering with CybSafe, which allows us to deliver a customisable training platform providing regular training, reminders for refresher sessions, deployment of phishing simulations, and reporting mechanisms
  • Creation and delivery of board-level threat briefings, highlighting threats to your industry and providing guidance and insights into industry trends
  • Facilitation of both remote and in-person table-top exercises to raise awareness of both cyber security and business continuity with senior managers, using rehearsals and/or our board game, Udder Disaster
  • Customised specialist training around specific topics including disaster recovery, incident response or data protection.


If you think your team could use a boost, get in touch with the cyber resilience team to find out how we can turn your biggest potential weakness into your strongest asset.