Depend on us to get your organisation to the next level.
BCN have a heritage of delivering outcomes through our cloud-first services and currently support over 1200 customers across specialist sectors.
Your tech partner
Posted 29th September 2023
As modern business technology evolves and advances at such rapid speeds, there are always two inevitable consequences. Firstly, we all become more reliant on the support and advantages it offers. We’re constantly allocating more of our daily working tasks and roles to technology to perform them in an efficient way while our time is liberated to develop and run our companies.
Secondly, it creates the perfect environment for increasingly sophisticated attacks that prey on any potential vulnerabilities within an organisation’s network and infrastructure. These threats are rising at an extraordinary rate with the harm caused becoming more and more damaging to critical business processes and company data.
Unfortunately, industry reports, data and insights consistently demonstrate that the most vulnerable points identified, and targeted, in these attacks are people. Recent studies with Stanford University found that 88% of data breaches are caused by human error.
A leading software security provider report also showed that the user journey for these attacks is often deceptively simple. 1 in 3 users click on harmful content in phishing emails, and out of the resulting group 1 in 2 of these people then go on to actually enter sensitive information.
There is also a misconception held by organisations that the staff members that are misled by malicious email attacks and phishing threats are the less technologically minded within an older demographic. However, the SoSafe Human Risk Review of 2023 details that digital native users are 65% more likely to click through and open up this vulnerability in your defences.
These statistics are genuinely shocking and should serve as a wakeup call to any enterprise that may be encountering elements of security complacency or fatigue. Perhaps the most sobering stat of all regarding the impact of these incidents is that 60% of SMEs are reported to go out of business entirely within six months of a cyber-attack. Those that do survive will have undoubtedly had a mountain to climb with customers and suppliers in terms of reputation management and trust continuity.
BCN has been at the forefront of cyber security and awareness for all of our partners for well over a decade. In that time, we have always implemented a philosophy of understanding where cyber security awareness can break down and investigating the reasons why. The most common failure factors and weak points we’ve found are due to three relatively simple issues.
Let’s take a look at them here and illustrate how a bespoke security awareness training program for all staff can be tailored towards addressing them in the most successful way.
Make your staff your cyber security frontline. Read more on Cyber Security Awareness Training.
It’s easy to approach cyber security awareness as an exercise carried out periodically with boxes ticked for staff attendance. Indeed, the number one reason that people cited as their struggle with security awareness was the time it took for these programs to be completed.
This highlights perhaps the biggest shift that is required in any best practice security awareness approach. Every element of a person’s day within a working organisation must have security awareness built in. Creating a cyber secure culture within the workplace means embedding the checks, processes and practical awareness into the everyday. Spending tedious afternoons in meeting rooms with dull content that doesn’t directly relate to work roles and scenarios is an old school security nightmare. This has to be avoided and replaced with clear communication channels that are constantly updated with security information and practices.
Every day really should be a school day!
Generic security awareness modules will always fail to connect with people. There is a fundamental insight required into human behaviour that involves making the impacts and consequences of weak cyber security relevant to those that are on the frontline. Personalised learning taps into this through programs created with specific groups, roles and departments in mind. People will benefit from a greater understanding of reporting processes and heightened awareness through association with their own tasks, the software platforms they use and the possible threats that these may pose.
The repetitive nature of traditional security awareness training was the final main issue reported by unhappy users. As with the previous issue of generic content, avoiding this involves more alignment with human behaviour and successful learning models. Customised security education & awareness programs are all about fortifying resilience and elevating knowledge. It isn’t enough to repeat the exercise until the correct answer is found, it’s more around staying alert and inquisitive into the possibilities, causes and effects of cyber-attacks. This has to be shared right across the board from the executive level through to the onboarding of new colleagues.
Greater security awareness is driven by more enlightened and engaged people within your organisation. The associated benefits will be felt company wide with more confidence, understanding and knowledge sharing becoming the strong foundation from which you can build all future cyber security policies and processes. Take a look at how the BCN Cyber Essentials works for your organisation here.
Updating and maintaining industry requirements for compliance is a much simpler process when people are more aware of the reasons why it’s required and committed to achieving it by working together.
Arming your people with the power to become an effective first line of defence against cyber criminals is invaluable. As that awareness becomes embedded across the organisation, more effective response procedures can be developed in the event of any threat materialising. Ongoing vigilance naturally leads to a more secure culture for the whole workplace.
It’s virtually impossible to eradicate all human error on the part of your staff. However, mitigating the risks as much as possible presents a huge advantage in your strategy against cybercrime. The marginal gains presented by effective security awareness can make all the difference in an attack developing from a threat to a full blown successful attack.
At BCN, we want to ensure that all of our partner clients have the opportunity to benefit from the innovative and successful security awareness training we offer. This October sees the return of Cyber Security Awareness Month, now in its 20th year, and there is no better time to speak with us about how we can make your organisation safer and more resilient.
Our Cyber Security Awareness & Training team is always happy to talk and ready to help. You can find out more details on the impact our services will have for you using our Cyber Security Pledge.