Human error is still one of the most common causes of cyber-attacks, according to new research from Nixu.
According to the research, more than a third of all cyber-attacks involve internal actors, and over a third included social engineering.
Many breaches result from inadequate security hygiene and a lack of attention to detail. Social engineering is getting more and more sophisticated and, therefore, effective. Organisations of all sizes should pay attention to human error and cybersecurity training.
“However, most companies do not train their employees on security matters enough,” says Anu Laitila, cybersecurity awareness business manager at Nixu.
Together with her team, Laitila creates security awareness activities and programs for companies and organisations from various industries.
The awareness campaigns can include lectures, exercises, games, blogs, or any kind of engaging content. The trigger can be anything that will help people to remember security actions.
“We've even created a concept of an escape room experience for employees,” Laitila says.
The European cybersecurity company has started a co-operation with one of the largest security awareness training platforms in the world, KnowBe4, which trains company employees continuously to identify phishing and social engineering.
A comprehensive tool to boost learning
In its services, Nixu utilises advanced tools to enhance awareness in a variety of ways, according to the needs of its client organisations. One of the largest integrated platforms for security awareness is KnowBe4, which contains the world's broadest library of security awareness content, including automated training campaigns, simulated phishing attacks, and a wide range of content in different formats. The company has created a TV series called “The Inside Man” that covers various aspects of social engineering.
With the KnowBe4 platform, CISOs can build automated, ongoing awareness campaigns and follow up on the ones who need an extra hand.
The campaigns can also be targeted to a specific department, such as the HR or Finance team, and help to design a personal learning pathway for them.
It is also possible to utilise groups by their learning levels. The reports that KnowBe4 provides support the development of cybersecurity programs and common company practices. Risk managers, IT managers, development managers, or other managers with strategic roles can see the current state of the personnel's security maturity.
Stepping into a new era of security
Cybersecurity has long been considered only a technical issue. With many unfortunate cybersecurity incidents, breaches and the ever-rising trend of social engineering, companies are starting to see the bigger picture and the human factor around it.
"Companies should invest in the technical aspect – security operation centers, software and app security, identity and access management, to name a few – but the palette is not full until there is a good security awareness program running," says Laitila.
"And this goes for companies of all sizes. The change of culture in companies is happening, and forerunner organisations adopt new working habits fast."