88% of cyber incidents stem from human activity. Human mistakes with often disastrous consequences for your company, customers and employees. How do you make employees aware of cyber risks, teach them how to recognise cybercrime and tell them what to do (and especially what not to do) in case of suspicious situations? In this blog, you will read why it is vital as an employer to create cybercrime awareness in your organisation and how the right software can help.
Did you know that as many as 88% of cybersecurity incidents are caused by human activity? Not for nothing do cybercriminals – with success – fully deploy techniques such as phishing or social engineering.
Some figures from 2021 (Cybersecurity Magazine):
Technological developments are creating more opportunities to trade or automate certain operations. That is why most companies welcome innovation wholeheartedly. New technologies also make cybercriminals happy, as it makes them even more capable of committing hacks, cyberattacks or online scams. With disastrous consequences – not only for your organisation – but also for your customers and employees.
Possible consequences of cybercrime may include:
Numerous studies show that cyber risk increases with more remote working.In doing so, people are still the weakest link in the cyber security plan, especially after the flight that remote working took during the corona period. Forced by circumstances, many companies then hastily took measures to switch to online working. In many cases, this was not done carefully enough, leading to an increase in security incidents (such as phishing or ransomware attacks) of as much as 238%.
What makes remote working so risky is the ‘cross-pollination’ from the personal to the business environment and vice versa. In particular, the security level of the devices a person works with (endpoint security) is a critical factor here, because:
In contrast to what you might think, the fight against cybercrime is getting weaker in companies. A dangerous development given the exploding number of cyber threats. Fortunately, security in organisations is being increasingly tightened, including by governments. Do you conduct business with European companies, and are you interested in learning more about NIS2? Because In 2024, the new European security directive, the NIS2, goes into effect. Want to know more about the NIS2? Read all about it here.
For larger companies, IT security is often high on the agenda, but for SMEs and small independents, proper security measures are often lacking. A major cause of this is a lack of awareness and urgency: when determining the necessary security measures, many companies start from incorrect assumptions or outdated information. As a result, they are not fully aware of the risks and mistakenly think that things will not go that far. Or they do not know which techniques cybercriminals apply and how to keep them out.
For example, a common misconception about cybercrime is that small organisations often think “we are only small, there is nothing to get from us”. But nothing could be further from the truth. Small and medium-sized companies in particular are more often the victims of cyber attacks, partly because they are more likely to be hit during any widespread cyber attack because they do not have their security in order.
By creating security awareness within your organisation, you can prevent many human incidents. By ‘awareness’, we mean promoting awareness among your employees about the dangers of cybercrime. This ranges from understanding the importance of information security to knowing how to recognise cybercrime, what to do in suspicious situations and, above all, what not to do. In fact, awareness is nothing new, but given the huge increase in the number of security incidents, the topic is more topical than ever. This makes it all the more important for companies to continuously work on it.
When creating awareness, managers’ biggest challenge is to get employees on board. Employees have their own jobs they are busy with. They often regard cybercrime as a technical trick they have little to do with and something the IT department will take care of.
The hardest part for managers is ensuring that awareness around hazards becomes standard behaviour (creating behavioural change) within the organisation. Because how do you ensure that all layers – from the CEO to the facilities department – are able to think about security and recognise cyber risks? If people have to attend yet another long training course or information session for the umpteenth time, there is a risk that at some point they will think “I know it now” and drop out.
With Zenya BOOST, you develop effective, cohesive awareness campaigns that create context and understanding and engage people on topics such as cybercrime. The idea behind this is that people are more likely to cooperate in achieving a goal if they understand why something is important and know what is expected of them.
With BOOST, you put together the ultimate awareness campaign, so that your employees know what’s going on when it comes to security and stop falling into the trap of cybercriminals.