“Forewarned is forearmed” could have been coined for cyber awareness. Knowing the potential cyber threats and risks they face is the number one way for people to recognize them when they happen and avoid them whenever possible. A proactive approach to cyber awareness that includes strong passwords, system updates, and a healthy dose of skepticism helps build a robust defense against multiple cyber adversaries.
Unfortunately, many people aren’t aware of what cyber threats are or that they’re even at risk, making them more vulnerable to attack. Because cyber awareness is essential for online safety, learning about these lurking dangers and how to protect oneself is critical and can make a significant difference in keeping sensitive information secure.
October is Cyber Security Awareness Month, a great time to create, or re-evaluate, a cyber threat response plan that leaves nothing to chance and makes cyber security the norm.
It’s said that fortune favors the bold. Maybe so, but when it comes to cybersecurity, we say it favors the prepared. The first step in being prepared is understanding today’s cyber threats so you can protect your piece of cyberspace real estate.
With cyber threats increasing in number and effectiveness, cyber awareness is now front and center in staying safe online. Threats every individual should be aware of include:
Insider threats are another risk to be aware of. Employees, former employees, and business associates or contractors access critical organizational data and then intentionally or unintentionally compromise data security by allowing it to get into the hands of cybercriminals who use it for everything from intellectual property theft to sabotage and ransom demands.
While cyber awareness doesn’t solve cybercrimes, it is vital to mitigating cyber risks. Most organizations now provide some level of cyber awareness training. Still, there’s always room for improvement, particularly since cybercriminals continue to find new ways to exploit people and system vulnerabilities.
Developing a cyber awareness strategy can be challenging and time-consuming, especially considering how often it needs to be updated to reflect new threats. However, the effort is well worth it when measured against the potential losses from a cyberattack.
Along with educating and training employees about cyber threats and what to do in the event of an incident, a good cyber awareness program also encourages a culture where team members feel a sense of proactive responsibility for keeping the organization’s assets secure. Organizations should also adopt a Zero Trust model where access permissions are strictly enforced through robust identity verification, limited access, and micro-segmentation of network traffic.
While writing this post, new threats were revealed that underscore just how critical it is for organizations to prioritize cybersecurity throughout the year. On October 20, 2023, San Francisco-based Okta Security, an identity and access management company, reported that a hacker succeeded in capturing the credentials of an unknown number of organizations using the company’s identity management system.
How they did it seems remarkable for a company that specializes in user authentication solutions. The hacker simply accessed the “HAR” or HTTP Archive format files uploaded to Okta support on request for troubleshooting browser problems and then used stolen credentials to access Okta’s support case management system. Once inside, the cybercriminal viewed files uploaded by some Okta customers. A silver lining to the breach is that the support case management system is separate from the production and Auth0/CIC case management systems, which were not impacted by the incident.
On October 21, 2023, insurance giant American Family Insurance confirmed a cyberattack that began the previous weekend, causing the company to shut down portions of its IT systems, including phone services, building connectivity, and online services. The company, which employs 13,000 people and reports annual revenue of over $14 billion, says it hasn’t (to date) detected any compromises to critical business, storage systems, or customer data processing. However, the system outages have impacted customers, agents, and employees, a situation that could lead to lost business and reputational damage. While it’s still unclear what type of breach occurred, it has the hallmarks of a ransomware attack, many of which occur over a weekend when fewer employees are monitoring the network to notice suspicious activity.
In another incident reported on October 21, a threat actor is selling access (or what they claim is access) to Facebook’s (Meta) and Instagram’s Police Portal, which law enforcement officers use to request data about users under investigation. Some experts are skeptical about the claim, saying the $700 fee the hacker is charging is too low for such valuable access.
Real or unconfirmed, attacks like these highlight how essential it is for individuals, organizations, and other stakeholders to remain vigilant about suspicious activity. Training that includes real-life examples is being used to educate employees on what to look for.
For instance, cybercriminals are notorious for impersonating popular brands to trick users. A recent (and to date possibly ongoing) campaign involves a highly deceptive Google ad for KeePass, an open-source password manager. When users perform a Google search for “keepass” and click on an authentic-looking link, they’re redirected via a cloaking service to a decoy site. When they go to download KeePass, they retrieve a malicious .msix installer that, when extracted, can result in data theft, unauthorized access to sensitive information, or full control of the infected device.
Let’s look at how employee training can help mitigate threats and improve organizational cybersecurity.
A holistic approach to cyber awareness includes knowing the latest security trends, cybersecurity best practices, and the dangers of clicking on malicious links. To be effective, it must be an organization-wide initiative that paves the way to a more resilient infrastructure.
Security awareness training uses various tools and techniques to inform and equip team members to recognize threats, report them, and avoid them whenever possible. Routine instructional sessions help people understand:
At the end of the day, it won’t matter how much you invest in advanced cybersecurity tools if end users can’t recognize suspicious links or fraudulent emails, the most prevalent source of cyberattacks.
These cyber security awareness tips will help transform employees from unwitting accomplices to frontline defenders in the cybercrime battle.
Everyone should be responsible for protecting your organization’s digital resources. Cyber awareness training should emphasize data security and teach users how to safely handle, share, store, and dispose of sensitive data. Incident reporting training must also be conducted so issues can be dealt with swiftly.
Remote and hybrid work models pose more significant challenges, as they require securing data at home, in the office, or wherever the user might be. Risks can be significantly reduced with the proper knowledge and tools, including knowing not to connect to unsecured public Wi-Fi networks and understanding the importance of VPNs.
“Shoulder surfers” are a particular risk when people use company-provided laptops and mobile devices, especially in public places. People should be trained to lock devices when unattended, be aware of who is around them, and securely store confidential materials.
Security incidents are inevitable, but they don’t need to be catastrophic. Incident response plans and teams are a good start; however, team members must also understand their role and the steps to take if a security incident occurs. They should know who to contact and how to communicate effectively during a cyber attack and be trained in risk mitigation so they avoid actions that could worsen the situation.
Well-trained employees also enable quicker incident recovery, learn from past incidents, and become more vigilant and security-aware in their daily online activities.
The scope of cybersecurity initiatives varies depending on an organization’s size and number of employees, but these courses should be included in every training in cyber awareness.
While it’s doubtful that all cybercrimes can be avoided—even with the most sophisticated tools in place—it’s still far too easy for attackers to achieve their objectives. This reality means organizations must do more to fortify their defenses and cultivate a culture of cyber awareness.
Well-trained employees can be key in significantly reducing cybersecurity threats and incidents, helping to prevent data breaches that put your organization at risk. To achieve maximum protection, companies must also invest in cybersecurity tools and talent to ensure data security.
Leveraging advanced technologies like artificial intelligence (AI) and machine learning (ML) is transforming how organizations protect themselves against cyber threats. Integrating these and other technologies as part of your overall cybersecurity program enhances predictive capabilities and improves detection and response to threats in real time.
Enterprises are now using these tools for:
Organizations that integrate these advanced technologies into their cybersecurity strategies are achieving more comprehensive, adaptive, and proactive defenses against evolving cyber threats. They’re also gaining a technological advantage, staying one step ahead of attackers in securing organizational data assets.
As cyber attacks continue their upward trend, cyber awareness must be a top priority for organizations. When developing a cybersecurity strategy, focus on tools and techniques that help people understand, recognize, and avoid cyber threats. They should thoroughly understand the daily risks your organization faces and the impact they might have.
Bolstering your resilience with Veritas gives you the strong foundation needed to protect, detect, and recover from cyber attacks, safeguarding your valuable data and ensuring uninterrupted operations in an increasingly hostile digital landscape.