According to the World Economic Forum’s 2022 Global Risks Report, 95% of cybersecurity issues can be linked to human error. Google says that 9 out of 10 cyber incidents begin with a phishing attempt. Cybercriminals are smarter and more sophisticated than ever before; they know how to create convincing phishing emails and succeed with social engineering attacks. While some phishing attempts are obvious, laden with typos, others are extremely convincing and crafty. Two recent real-life cyberattacks exemplify this: the Uber hack and the ransomware attack on Los Angeles Unified School District (LAUSD). Social engineering is to blame in the case of the Uber hack, and compromised account credentials (i.e., weak passwords and/or lack of MFA) are responsible for the school district attack.
With digitization always on the rise and our professional and personal lives becoming increasingly online and interconnected, human error simply cannot be overlooked or underestimated. We human beings may insist that “we would never fall for that, we would never click on that link,” but we must acknowledge that we work in groups and teams in our jobs, and the cultures we work in must also be strong when it comes to cybersecurity. But what does that mean? What are the specific behaviors at a company or organization where security is top of mind?
This Cybersecurity Awareness Month, Cowbell is emphasizing cyber resiliency and creating a culture of cybersecurity in organizations of every size. We’ve compiled a list of behaviors and practices you can implement today to foster a culture of cybersecurity.
Ensure that everyone, no matter their position in the company, knows to whom to report a potential cyber incident.
Everyone should at least know the immediate next chain of command in the organization’s Incident Response Plan.
Prioritize cybersecurity messaging from top-level, senior leadership within the organization and align it with action items from IT.
C-suite executives should be articulating the importance of cybersecurity awareness training and reminding employees of any IT/cybersecurity-related action items.
Value security higher than convenience.
Security is “cool”.
Foster an open and safe culture of reporting publicly when phished or spammed.
Never assume, always report.
Require regular employee training at onboarding and thereafter.
Cowbell recommends cybersecurity awareness training from Wizer.
We challenge you to see how many of these behaviors you can already check off within your organization. If there are some that you cannot yet check off, we urge you to implement them as soon as possible. You might have invested a lot of time and money in a host of security tools and services, but we believe this element is just as critical. Be #cybersmart in 2022 and beyond.