Data privacy and information security training remains a top organizational priority. The number and sophistication level of phishing attacks continue to grow worldwide. In the six months ending October 2022, phishing attacks grew by 61 percent over the same period in the previous year.
And a recent study by the Anti-Phishing Working Group (APWG) found that in the third quarter of 2022, worldwide phishing attacks reached the highest number the organization ever observed—a record 1,270,883.
What’s Behind This Ongoing Data Privacy Threat?
The simple answer to “Why do these risks keep growing?” is that the number of connected devices keeps growing. The increasing number of devices correlates to more opportunities for attackers to get their foot in the door and gain access to data.
As the numbers increase, so does the sophistication level of cyberattacks. Methods are refined and multiply (phishing, phone calls, fake QR codes, spam, and more), making it harder to ensure our organizations are safe.
Right about now you might be asking yourself:
- How often are we training staff to recognize and handle information security risks?
- How often do we update our Data Privacy & Information Security policies?
In a recent webinar, SAI360 compliance experts Jon Bricker, VP of Sales, AMER Learning, and Julie Murphy, Sales Director, EMEA Learning, discussed ways to help you establish a security-aware corporate culture and ensure cybersecurity is a priority in your 2023 training.
Establish a Security-aware Corporate Culture
The constant threat of data breaches is one of the top, most costly risks to your organization and its brand reputation. A recent survey of GDPR fines and data breaches reports that 2022 was a record year in penalties in the European Union, totaling nearly €3 billion, double the amount from 2021.
Cybersecurity is no longer the sole responsibility of the IT department; responsibility now resides in the boardroom. Compliance teams are tasked with embedding information security into the corporate culture and communicating the message that it’s part of everyone’s day-to-day job. Not everyone needs to be an IT expert to stop cyberattacks, but everyone needs to be able to recognize attacks and be reminded to stay vigilant.
Cybersecurity Risk Training Goals for 2023
More than 80 percent of information security breaches involve a human element, according to Verizon’s 2022 Data Breach Investigations Report. Phishing lands at the top of the list of offenses, with 36 percent of data breaches due in part to employee credentials being stolen through phishing; 96 percent of these via email. Since many data breaches begin with an employee being targeted through a phishing email, it’s critical to build a human firewall that is keenly aware of the constant risk of attack.
The ongoing threat of cybersecurity risk means employee training should have a primary goal of building a “think before you click” culture. With more people working at home, you should ensure your onboarding process includes details of your information security policy—what’s expected and where and how to report potential breaches. The damage done by data breaches can be significantly reduced when swift action is taken.
Here are some ways to foster a safer, more vigilant work environment:
- Ensure cybersecurity is front of mind for employees by setting up more frequent, regular training or communication tools, rather than one-off annual events or messaging
- Increase communication with regular bite-sized communications and micro learnings for regular reinforcement of good training principles
- Directly address cybersecurity in your Code of Conduct
- Ensure all employees know your information security policy and how and where to report breaches
SAI360 offers a comprehensive suite of IT Risk and Cybersecurity risk management technologies and training solutions on data privacy and information security that can help you stay ahead of malicious cyber actors.
To learn more, register here to view the complete Key Drivers for Your E&C Training in 2023 webinar.