Criminal hackers are ‘rediscovering’ the tools of the past in their latest efforts, and moving back from hacking machines to hacking people. One of the reasons behind this shift is the lack of cyber security awareness among employees, who are often seen as the biggest threat to computer security – as CODE42 explains in an infographic.
Research has shown that more than 90% of cyber attacks began with phishing emails – almost certainly because hacking people through phishing attacks is simpler and more cost-effective. Criminal hackers don’t need many tech skills or resources to succeed: studying their prey and using social engineering tactics are all they really need.
The need for cyber security basics
Microsoft forecast that by 2020 there will be 4 billion online users, all in need of basic cyber security training, meaning that global spending on employee security awareness training is likely to rise to around $10 billion by 2027, according to Cybersecurity Ventures.
How are companies addressing employee security awareness?
Many companies have opted for computer-based training (CBT), which often goes under the name e-learning. Delivered online, these courses save on travel and accommodation, and save time because employees can start, stop and resume courses around their daily schedule. The cost per user is also considerably lower than for face-to-face training.
Nowadays, e-learning courses are made more engaging by including interactive activities like quizzes, videos, simulations and so on to stimulate the learners’ curiosity and deliver the messages in an informal way.
IT Governance has developed a broad portfolio of e-learning courses to address topics like information security and phishing, and to help employees understand ISO 27001, GDPR and PCI DSS compliance requirements.