What is cybersecurity awareness?
Cybersecurity awareness, at an individual level, is the attitude and knowledge someone holds about risks to physical and informational assets of an organization – and how to mitigate those risks. It’s not only what a threat looks like, but what part an individual plays in dealing with it.
Awareness training is not an end in itself, but a continuous effort between individuals and their organization on identifying and discouraging risky cyber behaviours and recognizing and promoting good cyber behaviours.
In our research, 92% of employees think they play an important role in protecting their organization against cyber threats. However, a third of them believe they don’t receive enough training to make a difference.
A cultural shift
In fact, cybersecurity awareness is an organization-wide concern that affects every person in a business, non-profit, charity or government.
It’s all about creating a cybersecurity culture, which goes beyond simply making people aware of being secure, instead helping them care enough about security to take simple steps as part of their daily activities to dramatically reduce their risk, as well as the risk of the company. This change is proven to be significantly more effective than applying cybersecurity controls and training after the fact.
Cybersecurity awareness: not only an IT issue
While IT systems play an important role in the security of an organization, there is a gap between IT system security and the human aspect of security. The threat landscape changes daily, and technology may only be able to effectively defend against 95% of threats, so you have to be able to rely on your people to protect the organization from the 5% for which there may not be a technical control or which are able to circumvent common security controls. People are a critical part of your cybersecurity defence, and it’s important they realize how valuable they are!
Employees who are educated and involved in protecting your organization lower your risk of falling victim to an attack. Having an automated, easy-to-manage cybersecurity awareness tool reduces the amount of time your cybersecurity professionals are spending on administering a program, allowing them to focus on other critical aspects of protecting their organization.
Why does awareness matter?
The statistics speak for themselves:
- 94% of malware detected in medium-sized companies was received via email
- One-third of employees rarely or never think about cybersecurity at work
- 96% of IT workers said security training contributes to reducing incidents
- The #1 most common negative cybersecurity behaviour among individuals relates to password hygiene and password sharing
Cybersecurity awareness matters because it unleashes people’s potential to reduce risk to physical and informational assets from cyber attacks. People can’t protect against risks they don’t see or understand. Being given the skills to properly identify threats and understand how to deal with them enhances an employee’s ability to recognize danger and the desire to protect themselves and their organization.
Don’t assume everyone knows about the dangers of the internet. For example, someone using the same password for their personal email and their work email may not realize that if their personal account becomes compromised, their organization is now in danger of an attack. In our research, young people moving into the workforce who have grown up with technology are unaware of the risks associated with using it – their understanding measures similarly to seniors as it relates to cybersecurity behaviours. Social media is full of dangers, too: filling out fake contest forms or forms with personal questions or inserting credentials on a fake website – any individual can fall for these scams, exposing their employer to risk, too.
Costs of not implementing a security awareness program
In the short term it may appear easier and cheaper not to invest time and money in security awareness. But the costs add up later.
According to IBM’s 2020 Cost of a Data Breach Report, the average total cost of a data breach is approximately $3.86 million. For example, a 2017 Equifax data breach resulted in the company paying $700 million in fines and compensation, as well as agreeing to a minimum spend of $1 billion on data security improvements – all of which could’ve potentially been avoided with the implementation of an effective cybersecurity awareness program.
From fines for accidentally exposing clients’ personal information, to compensation and legal fees, the financial burden of cybersecurity incidents is steep. Operational downtime, damaged reputation, company devaluation, and the time needed to respond to each incident may run up the costs even more.
The best way to prevent attacks is to engrain cybersecurity into the culture and daily operations of an organization, and regularly train employees using a cybersecurity awareness platform. A data breach can happen to any organization. It is important to be aware of the potential costs you could incur without a plan in place. For small businesses especially, the cost of a data breach could force them to close their doors for good.
Plan ahead, educate your people, and stay cyber safe!
Chief Product Officer & Co-founder, Beauceron Security Inc.
Starting his career, Ian initially pursued work in graphic design and worked as a freelance graphic designer and for a few local businesses, creating engaging visuals and branding collateral. Shortly after entering the graphic design industry, Ian made a transition that combined both his design capabilities and natural aptitude for software development to work in front-end software development and user experience design. Since this change, Ian has worked with a number of organizations, helping to craft highly intuitive user experience and user interface in sustainability, higher ed and IT security – notably at the University of New Brunswick in Information Technology Services (ITS), IBM Security division on their flagship product, QRadar, and most recently as a product architect and co-founder with Beauceron Security Inc.
As the Chief Product Officer, Ian’s focus is at the core of innovation and product experience. Ian combines industry trends, cybersecurity expertise and customer feedback to develop a product strategy that is redefining the cybersecurity awareness market and protecting some of Canada’s largest brands from cyber attacks.
In his spare time, Ian is an outdoorsman and gearhead, spending his off-days exploring the outdoors and turning wrenches on projects at home.