Hackers Hate When You Do This

Hackers hate it when your team is fluent in and hip to Cyber Resilience tactics and strategies.

We call this Awareness. Hackers hate organizations with a culture that values and actively promotes Cyber Resilience Awareness. Their employees don’t make mistakes as easily as employees at organizations without one.

It matters big-time because, when we Google it, we can see that most reports indicate around 95 percent of hacks or cyberattacks are caused not by technology but by human error. With stats like this, it’s hard to ignore the fact that there may be more to cybersecurity than the firewalls, antivirus, appliances and other tools used to protect our businesses from cyberattacks.

Humans are an integral part of an organization’s cybersecurity program, and we need to realize that humans will continue to be the biggest risks to our organizations. Our goal is to make people our greatest asset.

We can do this by making education a priority across disciplines and teams. Ignoring this, especially at the leadership level, is akin to illiteracy.

Cyber Resilience is an essential component of business strategy in this day and age. It must be openly discussed and socialized throughout our organizations. Leadership must understand that Cyber Resilience fluency is a requirement for everyone and not just IT or technical staff.

How does Cyber Resilience Awareness prevent attacks?

Hackers use many different tricks to bait people into doing things they’d never do if they had more awareness. These are becoming more elegant and tricky every day. From loading bogus images into emails and attachments, to phishing emails that look exactly like legitimate business communications, to free offers that are tantalizing enough to get a click, hackers are trying anything and everything to steal any level of useful information to help them gain a foothold into our organizations.

To boot, there are even more tricks to maximize the likelihood that important data gets leaked outside of an organization. Removable media, like USB or flash drives infected with malware, are an important consideration, too. Each and every employee, regardless of their level of access, plays an important role in helping to defend the entire organization. Awareness is the only solution to prevent anyone from making a seemingly small mistake that leads to big trouble.

What methods of education work best? How do we know they work?

Most organizations approach Cyber Resilience training as a formality: as long as they can check the box, it’s considered complete after a snooze-worthy presentation during a new employee’s onboarding process. Mixed in with an overwhelming amount of other HR-related paperwork, the resulting message about cybersecurity is received as a technicality rather than an integrated component of the culture. If that’s the only opportunity an employee ever gets, the time and resources involved are wasted.

We know this approach doesn’t work because the metrics prove it. Organizations that haven’t approached this awareness within their cultures by building an experience that resonates with people have drastically higher occurrences of incidents, and when incidents happen, they don’t know how to quickly respond and mitigate them in order to protect their productivity, reputation and bottom line.

Does dedicated awareness training at periodic times of year make a bigger impact?

Yes. This stuff has to apply to people in their personal lives. Methods, tools and strategies for good practices almost always trickle up from personal use of technology to how people work. It’s rarely the other way around. Add to this that most training having anything to do with cybersecurity is authored by the HR and/or legal team, which typically means there is no voice; it sounds like corporate-speak, so it’s boring, doesn’t resonate and falls flat.

People don’t want to learn about the deep, hidden machinery of cybersecurity. Basic principles? Sure. They especially want to know how these apply to them in their daily, personal lives. Cyber Resilience Awareness training can actually be fun and offer value to people for protecting themselves, their families, friends and the people that matter to them the most. Otherwise, they’ll ignore and/or forget everything they’ve heard mere hours later.

When we are surrounded by these basic concepts as they become part of our everyday environment, we begin to understand how even the smallest decisions we make daily can affect organizations we work for, our families, friends and ourselves. Effectively building this awareness is a process requiring that we craft a compelling user experience (UX) in our presentations to deliver a message that resonates. This isn’t unlike the way a branding agency builds a brand’s architecture in order to make interactions between people and products as compelling as possible.

Can Cyber Resilience Awareness training prevent malware attacks like WannaCry and Petya and other, more insidious social engineering attempts?

Yes, and that’s why building a Cyber Resilience Awareness program is the most important investment an organization can make. While your organization focuses on doing business, find and use a partner to guide you in the right direction. It’s not going to happen overnight, but building a security culture pays off over the life of your organization by empowering your employees to protect it.

Rewarding and incentivizing your employees for demonstrating good practices helps empower everyone to continue to protect your organization and their own livelihoods. Feeling empowered is the key to success. As we see new types of attacks almost daily, our organizations will continue to be targeted. Feeling afraid and powerless is not the solution. Feeling empowered and confident, powered by a strong Cyber Resilience culture, is.

WIMZKL wants to be your dedicated, long-term partner. Let’s get there together. Get in touch.