Dr. Shayla Kasel closed the doors to her medical practice of 20 years after a ransomware attack in August 2019. Colorado Timberline, a printing company with a few hundred employees has been closed since 2018 due to ransomware. The Heritage Company, a telemarketing firm, closed just before Christmas 2019, laying off 300 employees. And the list continues.
Ransomware is a form of online extortion used by cyber criminals to encrypt your organizations data and hold it for ransom while demanding payment. Once you pay, your data is supposedly returned, but not always. In fact, Dr. Kasel was told by a ransom negotiator and a forensic specialist that she only had a 15% chance of getting her data back.
While the average payment in December 2019 was $190,946 this number doesn’t take into account the long-tail costs of down-time, lost customers, reputation loss, and back-orders if you’re a manufacturer.
Yes and no. Certainly every company today should upgrade their cybersecurity from antivirus, antispam, and firewall solutions to advanced AI-driven endpoint security.
However, one of the most overlooked issues is that cyber gangs target the people within the business, not just the network. Phishing, Business Email Compromise (BEC), social engineering, vishing, are just some of the methods these gangs use to manipulate you and your employees into giving away credentials or clicking on malicious links.
If you want to improve your organizations cyber posture and resiliency, then it is imperative that you also look to your people, processes, and culture within your organization.
Most people think they’re more aware of phishing scams then they really are. For example, before we begin one of our live Security Awareness Training seminars, we send a phishing simulation to the organization’s employees to get a baseline. Without fail, we see about a 20% click through rate.
Remember, phishing emails are more like highly targeted marketing campaigns, designed to trick intelligent, well-meaning people. And they do.
We believe that a blended approach to security awareness training that includes both live interactive training and simulated phishing events is the best way to help create and nurture a culture of security awareness.
If you’d like to learn more, visit https://consilien.com/security-awareness-training/