Cybersecurity Training: How to Avoid Becoming a Statistic

According to a Clark School study at the University of Maryland, a cyberattack occurs every 39 seconds in the United States. This might come as no surprise to people who follow the latest security trends, but to those who don’t, it’s a signal that cybercrime is a pressing concern and isn’t going away any time soon.

For companies of every size, cybercrime has been a major issue that’s only escalated as more employees work from home due to COVID-19. But even with companies ramping up their cybersecurity efforts, many find there’s still a lot of room for improvement when it comes to protecting business and customer data.

In this article, we take a look at the latest numbers on data privacy and security and offer compliance teams helpful tips on how to avoid becoming a cybercrime statistic.

Over 65% of Companies are Non-Compliant

In a speech given at InfoSec World 2020, Kevin Ricci of Citrin Cooperman revealed that more than 65% of companies made zero or minimal effort to comply with U.S. state data privacy and security regulations. Of the companies that remained, another 27% said they were only partially compliant.

What’s even more frightening is Kevin Ricci’s discovery that 48% of organizations didn’t even offer data security and awareness training. At a time when data security is mission-critical, businesses that fail to provide cybersecurity training are putting themselves in the firing line for fines, lawsuits, and untold damage to their reputation.

How to Avoid Becoming a Statistic

If your company hasn’t implemented a cybersecurity or data privacy training program already, it’s time to get started. For companies that have a program in place, take a moment to review your training materials to ensure they meet the requirements of current federal regulations and guidance.

67% of Data Breaches are from Credential Theft, Human Error, or Social Engineering Attacks

Verizon released its 2020 Data Breach and Investigations Report in May, detailing a number of surprising statistics on security preparedness at 81 organizations. After reviewing nearly 4,000 confirmed security incidents, Verizon discovered that credential theft, human error, and social engineering accounted for 67% of data breaches – and 22% were the result of human error alone, which is up from 2019.

Data breaches caused by human error are nothing new, but the incremental – and sometimes exponential – increase in cyberattacks puts your employees and company at a greater risk every day. Left without training, employees have a much higher chance of falling prey to phishing scams and other types of cyberattacks. By contrast, training employees effectively and consistently helps companies reduce the likelihood of a successful attack by 40-50%, based on information from the InfoSec Institute.

How to Avoid Becoming a Statistic

According to The Online Trust Alliance, 95% of all data breaches could have been prevented by following best practices in cybersecurity and data protection. Since human error causes such a high number of data breaches and privacy concerns, it’s not only crucial for your organization to make security and awareness training a higher priority, it is also vital to keep your team educated and informed regularly with supplemental training and refreshers that remind them to be on a constant lookout for threats.

Attacks on Cloud Services Have Increased by 630%

In mid-June, Microsoft released an article highlighting research on COVID-19’s impact on internal cybersecurity. While many organizations were happy to learn that cyberattacks at Microsoft had decreased since their peak in March, when the pandemic forced most businesses to go remote, the article also points out that the company still sees around 12 million attacks every day, a 20% increase over February. And they’re not alone.

In addition to banks, which have seen a 238% increase in attacks from February to the end of April, cyberattacks on healthcare companies accounted for 51% of all breaches in Q1 of 2020, making them the most breached industry this year. And cloud-based services may be partly to blame.

The number of companies that use cloud-based services like Microsoft 365 and Salesforce has increased by 50% this year in response to work-at-home mandates. But as it did, the vulnerability of these services became evident. In the first four months of COVID-19, cloud-based services saw a 630% increase in overall attacks. And as more people continue to work from home, these numbers are expected to climb, unless data security and awareness training becomes a key part of an organization’s business strategy.

How to Avoid Becoming a Statistic

Many companies were unprepared for the move to an at-home workforce when the COVID-19 pandemic escalated in March. Yet 41% of cybersecurity professionals say the businesses they work for still haven’t responded adequately to the increase in threats.

As Osterman Research reports, companies that offer security awareness training to employees are much better at spotting – and stopping – security threats than those who don’t. Plus, it delivers an ROI that should make any large business take a second look.

Ready to get your organization up to date on the latest cybersecurity and data privacy best practices? Contact our team to learn about our award-winning solutions and how we can customize training to your company’s data security needs. Or check out our free 7-day trial for a more hands-on experience!
