In late July 2020, technology giant Garmin fell victim to a ransomware attack that halted operations across the board. Encrypted company data meant customers could not access the information synced from their devices. Aviation and GPS communications were unavailable. Even customer support was inaccessible. Garmin ultimately opted to pay the multi-million-dollar ransom to regain access. Services were restored, but the incident left customers wondering about the security of their personal data. As expensive as it was for Garmin to restore their encrypted data, the larger cost may ultimately come in terms of customer confidence. For small and midsize companies in this same position, the combination of expense and damaged reputation could mean the end of their business.
The Biggest Risk Factor
While the Garmin attack is the latest large-scale ransomware attack in what feels like the craziest year on record, it’s only one of many. In fact, the FBI says that cybercrime reports have quadrupled in the first half of 2020, since the beginning of the COVID-19 pandemic. Nearly three-quarters of ransomware attacks result in encrypted data. If you examine the root cause behind ransomware events, you’ll find that a majority are triggered through phishing. Realistic-looking websites and impostor emails lead many otherwise knowledgeable people astray.
As 2020 rolls on toward 2021, IT security professionals have seen a sharp uptick in ransomware attacks, as bad actors are clearly taking advantage of work-from-home situations and increased pandemic concerns. Most businesses employ multiple layers of security, including password policies, two-factor authentication, and antivirus software. However, no matter how many security measures there are in place, there is one factor that can be unpredictable: employee action.
Mitigating Risk with Security Awareness Training
The vast majority of individuals are not malicious in any way. As a general rule, employees don’t set out to wreak havoc in your business by introducing malware or triggering ransomware. Cybercrime is a well-funded industry. Cybercriminals can fool just about anyone into believing they are legitimate. Most ransomware events are the result of an innocent click of the mouse by an unsuspecting individual in an organization. This could be anyone, from the newest hire all the way up to the CEO. Cybercrime doesn’t discriminate. It takes its opportunities wherever they arise.
Educating your staff about threats can help to mitigate some of the risk that comes with doing business in this technology-driven world. How you go about it, however, will determine how protected your company data will be over the long term.
Security awareness training is, for a lot of businesses, a singular event. It may be part of onboarding for new hires, a checkbox during training. Or it may be part of the response in the aftermath of a breach. Given how quickly cybercrime morphs and adapts, a one-time training event is woefully inadequate. Instead, security awareness training should be ongoing, repeatable, and measured for effectiveness.
Lieberman Technologies can help your company to assess employee knowledge about cybersecurity. We provide training options tailored to your unique needs. Instead of a one-time event or a response after the fact, our educational offerings allow you to consistently test and train. We help you and your staff learn to recognize phishing attempts, email spoofing, and a host of other methods used to compromise company information. We can help you stay on top of the latest threats as they evolve in business technology.
Want to know more? Contact us!