Failure to invest in security training is planning to accept cyber attacks

A recent survey from ISACA revealed that 62% of organisations did not increase security training in 2014. I find this quite a staggering statistic.

If anything, 2014 was the year it became the norm to see cyber attacks making the headlines on a regular basis, whether it be businesses, banks, governments, shops or individuals. If there was one thing to learn from 2014, it would be this: if you have a web presence, you’re at risk. So, yeah, don’t worry about increasing your cyber security training budget! I’m sure it’ll all be totally fine. No data breaches, no cyber criminals knocking at your door, no fines from the Information Commissioner…

What most organisations fail to realise is that an investment in cyber security training is minuscule compared to the costs associated with a cyber attack, especially if you have no provision in place to cope with the effects of one.

A 2014 report conducted by the government’s Department for Business, Innovation and Skills put the average cost of a cyber attack between £600,000 and £1.15 million for large organisations, and £65,000 to £115,000 for SMEs. That is rather expensive, so perhaps it is worth increasing the cyber security training budget after all…

It’s not my problem…

Compounding the worrying stagnation of cyber security expenditure were the results of a Cisco survey of 1,000 employees to uncover their attitudes towards information security. It discovered that 42% were unaware of security threats and the risk they pose to corporate information, while 39% said they thought it was the company’s responsibility to protect data.

More worrying still is that almost two-thirds (62%) thought that their behaviour only has a low to moderate impact on security. Most alarming of all, twice as many respondents said they were more careful with security at home than those who were more careful at work.

Now, no one likes a smart… aleck, but couple this lack of investment in security training with the lack of understanding from staff and it becomes clear why so many are struggling to deal with even the most basic cyber attacks.

So, let’s stop beating people with a stick, and see what we can actually do about the problem.

Staff awareness training

Staff awareness training is an inexpensive and easy way of delivering essential training to your staff. A large proportion of cyber attacks are caused simply by staff being ignorant of the role they play in the organisation’s security. Many cyber attacks deliberately target the fallibility of the individual (spyware, phishing and social engineering), or find avenues into systems and networks through poor data management, password control or access rights.

Our information security staff awareness course is designed to assist employees in gaining a better understanding of information security risks and compliance requirements, thereby reducing your organisation’s exposure to security threats. Find out more about this course or call us on 0845 070 1750 to find out more about staff awareness training.

Staff awareness courses in PCI DSS and DPA training are also available.

Skilled cyber security personnel

The cyber landscape changes at a frightening pace and it is no wonder many organisations are left baffled by what security measures to put in place. Staff training is a great way to help raise the profile of cyber security within the organisation and ensure that everyone understands that they have a role to play.

But you also need highly skilled cyber security personnel who can create, maintain and improve how you manage cyber security procedures and systems within the organisation. IT Governance is a well-established provider of industry-leading cyber security training. We also offer courses leading to professional certifications from the likes of ISACA, (ISC)² and IBITGQ. Our portfolio includes:

Find out more about cyber security qualifications by downloading our free green paper.