Why Staff are your first line of defense against cyber breaches

Sit back and relax - you have good technology and processes in place, and you are protected from cyber security breaches. Unfortunately, that’s how many companies view their cyber security risk, and that’s why they get breached!

Scary Stat Time

The statistics around breaches are very compelling:

• Over 90% of them are via staff.
• 60% of companies that suffer a major breach are out of business in 6 months or less.
• They take over 6 months on average to detect.
• The average cost (in Australia) is now $1.99 million.

Yes, you read it right, $1.99 million! Think of expensive cyber security consultants digging out malicious code in your systems because the criminals have been in there for 6 months. Think downtime, mandatory reporting to the OAIC, reputation damage and lost customers. It certainly adds up!

We need good tech and processes

Cyber criminals are largely strategic groups focused on obtaining your money, or your information to sell online, and they won’t spend time on something that doesn’t make them money. And right now, with all the good tech we have in place, it’s hard for them to hack into systems. That’s a really good thing, but being strategic, cyber criminals will look for the easy target.

How are staff tricked?

So what do they do? Target staff, because they are helpful, trusting and gullible, and because they haven’t been trained in how to identify and respond to IT security threats.

And that’s where the “over 90% of breaches” stat comes from! Staff are tricked with things like:

• Malicious files
• Removable media
• Deceptive URLs
• Dangerous emails
• Malicious websites and website popups
• Social engineering (tricking people face to face, or with a voice conversation)
• Requests for information 
• Impersonations (e.g. Pretending to be the CEO and asking for money)
• Scare tactics, free lunch tactics, and the fear of missing out
• Physical IT breaches (i.e. actually getting physical access to information or systems)
• Mobile device scams

But there is hope

The attack possibilities are near endless, and that’s why in this day and age staff need to be suspicious first, so that they stop and think before they act. And to do that, you need to educate them on how they are targeted, and how to respond.

Don’t educate them with a boring online compliance-based program either. Face to face training that is fun and engaging will give you massive benefits to your cyber risk profile. Stay safe out there!