Businesses across the world are facing an unprecedented level of information security risk in 2017 from data breaches to compliance challenges. In this second week of National Cyber Security Awareness Month (NCSAM), we are focusing on how creating a culture of cybersecurity can help all types of organizations to protect against the most common cyber threats. 

It has never been more important for organizations to adopt a culture of cybersecurity. Organizations of every size and in every industry are now targets for cyber criminals. Many organizations, particularly smaller teams that do not normally handle sensitive customer, financial, health, or identity data, believe that if they do not “have anything of value” for cyber criminals, they do not have to worry about such risks. The truth is starkly different from this assumption. Every organization is a target, because every organization either has some valuable information on their own devices that they may not realize is valuable, and/or because once their system is compromised, it can be used as a launching pad for further attacks against others. Thus, the security of the entire global networked community depends, in part, on the level of security of every one of the connected systems. 

In recent years, there has been increasing pressure to improve awareness and understanding on the risks and consequences or a cybersecurity threat or breach. Studies have shown that the costs of a breach are much higher than most employees realize. The average estimated cost of recovery has increased from $907,000 in 2015 to $1.35 million in 2017 as our latest 2017 Risk:Value reported. These costs include the cost of remediation as well as lost time, revenue, and other factors that can be directly attributed to the breach event. If information was stolen from your organization in a security breach, how could your organization be affected? Can you imagine several possible “worst-case scenarios” that might happen due to such events? And, could your organization recover from a sudden unplanned loss in excess of one million dollars? And, even if the direct financial impacts could be absorbed, how would customer or client confidence be affected, and how would that affect business performance in the longer run? 

The concerns of significant negative impacts are well founded, and thus it makes good sense for organizations to take proactive steps to protect against such attacks. 

One key learning from our cybersecurity experience is that internal staff, including employees, IT, management, and contractors, have an enormously important role in cybersecurity. Most security breaches do not occur due to clever external programmers piercing the company’s defenses. Instead, most breaches occur as a result of poor password management, outdated software security patches, or employees opening or responding to phishing or email-driven malware. In other words, attackers aren’t overcoming the company defenses – instead, employees are unwittingly or unknowingly opening these doors for attackers.

To prevent these events, it is critical that everyone in the entire organization should have awareness for information security and risk management. This goes for top managers, and just as much for the part-time assistants – because any person who has physical or logical access to the network could potentially allow cyber attackers the opening they need to penetrate the network.

To prevent such access, every single employee has to be aware of the risks, and understand their role in protecting the network and the information held within. As a first step, we strongly recommend that you have an effective security awareness program in place. An effective awareness program is about training, and changing employee behavior enough that it increases your staff’s ability to consciously make more secure decisions. Without such a program, it is nearly impossible for an organization to know that the correct steps are being taken. 

For more information about how to set up an effective security awareness program, contact NTT Security

Click here for helpful tips from the Department of Homeland Security on how to protect yourself and your organization.