2020 was dubbed as ‘the worst year on record’ RiskBased Security, given a staggering 36 billion records were exposed throughout the year. Names (45.1 percent), along with access credentials in the form of email addresses (36 percent) and passwords (29.4 percent), continue to be the most exposed data types. Internal, non-personal identifiable information categorised as ‘Miscellaneous’ was added to the list, along with ‘Unknown’ (no confirmation provided on data compromised), due to the number of ransomware-related events.
In total, RiskBased Security mentioned that there were 2,935 publicly reported breaches in the first three quarters of 2020. The healthcare sector and the information sector nearly tied for the most data breaches, followed by finance and insurance, public administration, and professional/scientific for the top five. Much of the data breached across industries might have been collected from older or publicly accessible sources. Even so, the potential dangers are unquestionable. Increased attention and cooperation between hackers points to a growing interest and overall risk.
The cost of a data breach can be enormous. Beyond financial impact, data the costs of data exposure are in many other forms, such as system downtime, reduced efficiency, brand damage and loss of trust, IP theft, and even damaged employee morale.
System downtime could affect business operations that have to do with brand awareness and reputation. While losing network access can cause immediate pain in the form of lost productivity and opportunities, system downtime can cause more harmful long-term damage to the company brand. As an example, Amazon’s AWS cloud industry platform’s brand reputation has suffered due to a number of server outages and a relatively low service level agreement (SLA) of 99.99 percent, which equates to as much as 52.56 minutes of system downtime in a year. Given the high potential impact of a server outage, many smaller companies cannot afford to take the risk and are seeking more reliable solutions for their cloud infrastructure that provide better levels of SLA uptime.
Due to the risk posed by a cyberattack, companies need to design a campaign to protect employees, users, and the company from the negative effect of cyber thefts. With organisations transitioning to long-term remote work culture, giving employees the tools and resources to be secure online in their personal lives as well as in the home office is more important now than ever. Likewise, you should take your security awareness program virtual, in a way that keeps your employees engaged and educated.
Here’s how to conduct virtual cybersecurity awareness campaign:
Security awareness can be a challenge to quantify but it is possible. To tell that your campaign is a success, you can solicit employee feedback, know what they enjoy or think could be better. Then, work with your security team to identify metrics that show if the “human error” risk is trending downtrends. All this information can give you a better understanding of the success of your campaign efforts. Don’t be afraid to run and test new methods and get creative with your ideas – because success is a choice you can effectuate.