Many businesses think they’re too small to be a target, or that their end users already know how to avoid phishing. But every business is a target, and cyberattacks are expensive enough that a single breach could be disastrous. When you understand the real-world risks and statistics around actual end user behaviour, the importance of training is pretty undeniable.
Hackers use social engineering attacks to take advantage of end users’ curiosity, trust, fear, negligence, and greed to drop malware on business networks. More importantly, 49% of employees admit they click links in messages from unknown senders while at work.[1] When you consider that 1 in 50 URLs is malicious[2], businesses really can’t afford to have half their workforce taking these kinds of risks.
Of workers who are certain their personal information has been compromised in a cyberattack, more than one-third didn’t even bother to change their account passwords afterward![1] In fact, 67% of workers worldwide are certain they have received at least one phishing email at work. Of those, nearly 40% didn’t report it to anyone, let alone their company’s IT or security teams.[1] Ouch.
According to the 2019 Verizon Data Breach Investigations Report, most breaches involve phishing and the use of stolen credentials.[3] Because phishing continues to be such a successful method for breaching business networks, cybercriminals are going to keep using it. And they’re getting better at looking convincing; nearly 1 in 3 phishing sites use HTTPS to give page visitors a false sense of security.[2]
Hackers are banking on small and medium-sized businesses (SMBs) believing they won’t be targeted due to their size. The bad guys also know that, while SMBs can hold a fair amount of private and financial data, they are significantly less likely to have the resources to invest in comprehensive security programs. Not only that, but because a single small business could have connections to other, larger companies, it may be targeted simply so that criminals can gain access to systems belonging to “bigger fish”.
Industries such as healthcare, finance, retail, insurance, and energy typically require end user awareness training at least annually. Basically, if a company takes credit card payments or wire transfers for any reason, or stores customers’ personal data (SSNs, account numbers, payment card data, etc.) for any length of time, then it’s critical for it to look into the applicable compliance and/or cybersecurity regulations ASAP. With the recently enacted data privacy and protection act of Uganda, the fines for non-compliance can be painfully high. Why risk that?
Did you know the average total cost of a data breach is now up to $3.92 million?[4] Or that 90% of the malware businesses encounter is delivered via email?[3] If you could stop employees from falling victim to phishing and email malware, you’d do it, wouldn’t you? Well, the results of training speak for themselves. After 12 months of ongoing phishing simulations and digital safety and security awareness training, end users are 70% less likely to click through on a phishing message.[5] When you consider all these numbers together, it’s pretty clear that awareness training can save you a lot of time and headache—not to mention money.
If you think, feel and believe that your company or organisation needs this awareness training, drop us an email or call via