As the global economy becomes increasingly computerized and interconnected, cybersecurity threats are increasing dramatically. This trend means that there are both increasing points of vulnerability—as more connections are formed and more data is transmitted over those connections—and greater incentives for cybercriminals—as more money changes hands over the Internet and more sensitive data are stored and transmitted online.
Cybersecurity is the responsibility of all employees, not just top management or IT staff, which means effective employee training on cybersecurity is crucial for any organization. Over the next few posts, we’ll take a look at the risks involved and look at three key aspects of a cybersecurity training program: educating employees on the importance of cybersecurity, building awareness of common threats, and reporting suspected cybersecurity issues.
Here are just a few recent and high-profile examples of the risks posed by cybercriminals.
Equifax
In September 2017, Equifax—one of the big three credit reporting agencies—publicly announced that it had been hacked. The hackers were able to access sensitive data on an astonishing 143 million Americans. The information included Social Security numbers, driver’s license numbers, addresses, names, and birth dates. The ability to misuse that data financially is obvious.
Uber
In late 2017, it was revealed that ride-sharing company Uber had suffered a major data breach resulting in hackers gaining access to the personal data of 57 million customers and drivers. The company concealed the breach for over a year and paid the hackers $100,000 to delete the stolen data. The revelation resulted in the firing of Uber’s chief security officer.
Bitcoin
Bitcoin, a digital currency, experienced a sudden drop in value in the aftermath of a December 2017 cyberattack that took down one of the world’s largest digital currency exchanges, on which Bitcoin is traded. The attack was a DDoS or distributed denial of service attack. DDoS attacks attempt to crash targeted systems by overloading them with information.
A sound cybersecurity policy and associated training is crucial for any business. Employees need to understand the risks they, and the organization, face and how to address them regardless of their role or the industry your business is in. The first step in this process is making employees understand the significance of the risk.