In recent years, incidents of data breaches and cyber-attacks have been reported not only in India, but all around the world. According to a recent IBM report, the average cost to tackle data breaches this year increased by approximately INR 8cr due to remote working. The report further highlights that the average cost of a data breach increased by nearly 10% year-on-year in 2021; the largest yearly increase in the last seven years. The pandemic has worsened this situation by providing cybercriminals a new method to conduct cyber-attacks through exploiting COVID-19 response messaging to target remote workers. For instance, when the lockdown began last year and required many individuals around the world to work from home, organisations were yet to enable safe and secure work environments for their remote workers. Cybercriminals capitalized on this window.
Malicious activities remain a concern even as employees return to the office or shift to hybrid models of working
Cybercriminals use various modes of attack to breach the data of an organisation; from ransomware attacks, where attackers intercept data to pressure victims into paying ransom money, to phishing attacks, where attackers steal sensitive data by posing as a reliable source. However, more recently, cross site scripting (XSS), a process which injects data into otherwise trusted websites, and man in the middle attacks (MITM), which intercept an existing conversation or data transfer, have also gained prominence. According to Sentient Digital Inc, last year XSS attacks accounted for approximately 40% of all data breaches worldwide.
While these attacks are not new, cybercriminals have been using our changing circumstances to their advantage. With rising numbers of people getting fully vaccinated, many companies have decided to welcome their employees back to office. As we witness individuals leaving the comfort of their home desks, the number of malicious activities is likely to remain a concern that requires swift and decisive action. On top of this, given that a proportionate number of firms are asking their employees to continue working from home, the anxieties around data breaches and cyber-attacks will persist. In fact, Global Workplace Analytics has estimated that 25-30% of the workforce will be working from home multiple days a week by the end of 2021.
In the rush to set up remote work environments, organisations and employees may have overlooked cybersecurity best practices. As the challenges of cybersecurity in our new hybrid working context are now abundantly clear, it is crucial for organisations to mitigate their security risks by undergoing cybersecurity training.
Adopting best practices and upskilling is key
The current environment requires employees to not only be familiar with the kinds of cyber-attacks that they may fall prey to, but also be equipped with the latest threat intelligence and attack methods to help them navigate the risks effectively. Globally recognized cybersecurity training is the need of the hour, as these will help mitigate the anxiety caused by cybersecurity uncertainty. Such training can also help instill company-wide best practices. Cybersecurity should be a priority for any organisation through ensuring employees are trained adequately and are provided with advanced tools and resources to help combat cybercrime. Additionally, by ensuring staff have received cybersecurity training, it becomes a shared responsibility and promotes the safe use of technology. In an effort to help bridge this knowledge gap, there have been many bodies educating companies and individuals on the imminent threat of cybercrime.
With the sudden onset of work-from-home culture, the Work from Home Security Awareness training by PCI SSC helps to establish best security practices when working remotely. organisations should encourage employees to take up such types of training that are low cost and beneficial for all people and not just IT professionals as they assist in making it easier for companies to establish best security practices across their entire business.
Although companies are focusing on upskilling their workforce and investing in cybersecurity to ensure smooth business operations, specialized modules that cover working from home basics on security awareness remain crucial. According to a recent report by Infosys Knowledge Institute, cybersecurity remains the highest priority for 67% of companies, showcasing the importance of organisations equipping and upskilling their employees to operate efficiently and safely in this “new normal”.
Key learnings from Cybersecurity Security Awareness Training
Such training emphasizes the need to understand security responsibilities and best practices to keep data secure. They aim to help learners identify potential cyber threats, such as phishing and ransomware attacks, and what steps to take to avoid unauthorized sharing or disclosure of sensitive data. The course also explores potential security impacts and considerations around home office environments and common home office equipment to mitigate threats to sensitive payment account data.
To reiterate, in the current times when cybercriminal activities are on rise it highlights the importance to train each and every employee of the firm regardless of their technical experience or previous knowledge on the subject and help them gain tangible, real-world insights on security requirements and best practices that can reach a broader community. Appropriate training can help support the organisation's security efforts. Taking part in this initiative will not just benefit in showcasing ways to deal with such crime in the present period but also in the near future.