Why Hackers Hate Compliance Training

Here’s some bad news: cyber security threats to businesses of all sizes increased exponentially last year. 2016 was the year that hacking and politics collided spectacularly during the US presidential elections. It was also the year when more individuals and small businesses lost valuable time, data, money or assets through breaches in information security. In the UK, 54% of businesses were targeted by some form of cyber attack (Computer Business Review).

A large part of this increase was due to the rise of ransomware. Ransomware is software which is designed to encrypt data, making it inaccessible. It then threatens to delete data unless its owner pays a ransom. This attack forces ordinary people to engage with criminals, fight against the clock to obtain the digital currency Bitcoin and hope they won’t be part of the quarter of people who don’t see their data again even after paying.

The rate at which ransomware attacks have increased is staggering. In 2015, cyber criminals attempted 3.9 million attacks. By 2016, SonicWall reports that they attempted 638 million attacks. That’s 167 times as many. 2017 has already seen a spate of high-profile ransomware cases, most prominently the WannaCry worldwide attack which spread to the NHS, Spain’s Telefonica, FedEx and the Deutsche Bahn. It seems that the growth in cyber crime isn’t going to slow down in the near future.

That’s the bad news. Here’s the good news.  

Often, ransomware attacks can only work if there has been an easily preventable human error. Most malicious software is spread through social engineering. People are tricked into clicking on the wrong email attachment, or opening the wrong file. They are vulnerable because they have a weak password or fail to create backups of important files. Some of these tricks are very convincing. Many of the emails which trick users appear to be from reputable companies or banks. They are disguised as order confirmation notices or business communications.

That’s why hackers hate compliance training: it creates a workforce which is less likely to fall for their tricks. Cybercriminals are opportunists, and will always chase after the easiest targets. The trick is to ensure that your business isn’t one of those easy targets.

Equipping your business with the information security skills it needs doesn’t have to be time-consuming or expensive. A good first step is to ensure that good security practice isn’t just the domain of IT departments. Everyone needs to be clued up on protecting information online. Elearning is a great way to do this. It is quick and intensive, can be tailored to your organisation’s needs and allows for realistic models and simulations. It’s a great way to put protocols in place and foster an attitude of alertness throughout your organisation.

How can GLAD help you improve your cyber security?

At GLAD we know that the best way to make sure that training creates real change in everyday practice is to ensure that it is user-friendly, engaging and relevant. That’s why we create bespoke elearning which considers your business’s particular situation and needs. We use branching scenarios and case studies so that training remains practical and easy to translate back into real life. We also make sure that training involves innovative assessments, which give staff confidence in their abilities. You can find out more about our Data Protection elearning here. To find out more about how we can provide you with brilliant information security training, drop us a line at enquiries@embridgeconsulting.com. You can also follow us on Twitter.
