Don’t stop at basic protections; make ongoing training a priority
Fifty years ago, it was heists like the one that hit the Baker Street Bank that had the power to shock the nation. Now, in the digital world, heists look starkly different and cybersecurity threats are constant, with banks like NatWest facing a “continuous arms race” with around 100 million cyber-attacks every month. What used to be gangs of robbers digging tunnels and smuggling deposit boxes full of cash are now groups of hackers sending phishing emails and holding some of the most notable companies to ransom for hundreds of millions of dollars.
This transition from physical to digital theft is evident. No longer confined to vaults and getaway cars, today’s high-stake heists are executed remotely, by online threat actors. These modern-day criminals operate across borders, targeting vulnerabilities in systems and human behavior to extract data and money. The sheer volume and relentless nature of these digital assaults, as exemplified by financial institutions battling millions of cyber-attacks monthly, highlight a new era of crime.
Security Evangelist at Hornetsecurity.
The growing problem of cyber-attacks
Cyber-attacks are a growing problem, amongst a growing number of sectors, and confronting this escalating issue is vital. It’s not just banks that are facing the constant threat of cyber-attacks; cyber threats are growing at an exponential rate, while becoming increasingly sophisticated and targeted.
Data breaches have hit a myriad of industries: from luxury brands like Dior and supermarkets like M&S, to cryptocurrency exchange Coinbase and UK government organization Legal Aid.
The dangers to personal data are being felt across all sectors, at all digital touchpoints. Amid this battleground of immediate cyber threats comes a growing demand for robust security solutions that address company concerns.
From advanced antivirus technologies to endpoint backup software, AI-powered security is evolving rapidly to stay ahead of such attacks – and it’s essential that companies invest in these defenses in order to stay more than one step ahead.
Evolution of technology
As technology evolves at a rapid pace, companies must keep up with advancements made by cyber-attackers. As businesses of all sizes continue to embrace digital transformation, the need to strengthen their cybersecurity grows increasingly critical.
The UK Government’s recently published Cyber Governance Code of Practice highlights that management of cyber risks is vital for modern businesses to function, and effective management requires collective input from across an organization. This Code of Practice and governance framework package guides boards and directors in managing digital risks and safeguarding their businesses and organizations from cyberattacks.
The framework encourages companies to take four employee-focused actions: foster a cybersecurity culture; ensure clear policies support a positive cybersecurity culture; improve their own cyber literacy through training; and use suitable metrics to verify the organization has an effective cybersecurity training, education, and awareness program.
The report is a clear reminder that the human firewall, that is, the employees who encounter an attack and respond, is just as important as technological defenses.
More than a simple fix, a culture shift is needed
It’s not enough to roll out generic training. The reality is that in today’s world, one wrong click can bring a business to a complete halt. According to the latest insights, the approximate amount of ransoms paid globally in 2024 reached $813.55 million.
When requested to pay a ransom, companies know that refusing to do so runs the risk of their customers’ personal information being leaked publicly, which would additionally require them to pay the associated financial penalties and legal payouts, not to mention reputational damage.
Addressing the threat of cyber-attacks must be embedded in a company’s culture, given the fact that if threat actors are successful, the impact of their actions would be felt not only company-wide but also by the ecosystem within which the organization operates.
Leadership and security
Organizations can bolster their security by cultivating strong leadership, providing tailored training, and building a proactive security culture to create a ‘human firewall’ of colleagues armed with know-how.
Employees of all skillsets and seniorities should undergo comprehensive and ongoing cyber awareness training, whatever their role and seniority, to drive the defenses forward and cultivate a mindful culture.
When employees are provided with the knowledge and tools to maintain awareness of the dangers their company is facing, they can be the most effective method to keep the business secure.
Building a mindful culture
Building a mindful culture can be complemented by a Zero Trust approach, which creates a robust defense against evolving cyber threats. This strategic approach mandates rigorous verification for all access requests, irrespective of their origin or the user’s location within the network, thereby yielding exceptionally strong results that effectively eliminate a significant portion of potential threats.
For example, when an employee receives an email requesting sensitive information or a link to a suspicious website, they should be trained to recognize it as a potential phishing attempt right away, verify the sender’s identity, and report the email to the IT department for further investigation.
This proactive stance, ingrained through a Zero Trust philosophy and continuous education, significantly reduces the likelihood of successful breaches. It’s better safe than sorry, and in the realm of cybersecurity, this means being diligent about taking the extra steps to fortify an organization’s digital defenses.
Don’t stop at basic protections
Don’t stop at basic protections, make ongoing training a priority. Defenses can’t stop at antivirus technology and endpoint protection, and training isn’t a one-time solution. While these are the necessities, they are simply not enough for the twenty-first century heist as businesses continue to battle millions of cyber-attacks each month.
As threats advance or teams become complacent, ongoing phishing simulations, tests and education are key in maintaining a robust human firewall. Companies must invest in technology and ongoing training to equip employees across all roles and levels with the skills and awareness to stay alert. A company’s greatest weapon can be its workforce, if leveraged.
Cybersecurity needs tech, but it’s nothing without people who are well trained to understand the latest attack methods and protect against the digital transition’s inherent risks.
We list the best ransomware protection.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
Fifty years ago, it was heists like the one that hit the Baker Street Bank that had the power to shock the nation. Now, in the digital world, heists look starkly different and cybersecurity threats are constant, with banks like NatWest facing a “continuous arms race” with around 100 million…
