In today's era of hybrid working, employees are more reliant on technology than ever, yet team members are less visible to the cybersecurity and IT leaders responsible for managing these technologies. As Australia's digital landscape has evolved, so too have the cyber-attacks that work to bypass security technology by preying on human error.
And it's working.
As identified in Deloitte's Future of Cyber 2023 report, 95% of cyber events are caused by human error. Hybrid work has added to the challenge of protecting systems as businesses lean into the cloud and other technologies that enable more agile work structures. Cyber threat actors are seizing the opportunity this creates. The number of identified threats / breaches to organisational systems in Australia was up by 26% in the last 12 months. Business Email Compromises (BEC) remain the preferred method for cyber criminals to access organisations undetected. Among company board members alone, cybersecurity Proofpoint reports that almost three-quarters (73%) believe their company faces the risk of a major cyber-attack in the next 12 months.
So, how should organisational leaders approach and tackle this growing and intimidating challenge? Deloitte's report found that organisations were likely to see higher performance levels when senior business and IT leaders lean into the challenge. Collaboration between this leadership layer and wider employee groups showed measurable improvements in securing valuable and impactful engagement from the wider workforce around cyber initiatives.
To do this effectively, organisations must embed cyber initiatives in an employee's overall experience at a company rather than adopting a 'set and forget' method of training.
Building cyber maturity and awareness
There is little value in delivering a training program that doesn't reflect the environment in which an employee needs to operate. This is a truism for any business function. Yet when it comes to cybersecurity, this has been the practise of many businesses in approaching knowledge and upskilling their workforce despite the rapid pace at which cyber threats are evolving and mutating.
A proactive approach is imperative for large-scale multinational organisations to prevent costly breaches, protect sensitive data, and preserve their reputation. It also ensures compliance with regulations, maintains business continuity, and cultivates a culture of security - all vital in the evolving digital landscape.
To ensure organisations continue to match these changes, it is essential to embrace the collective and shared ownership associated with managing the challenges and risks of implementing and reshaping cybersecurity training programs. Supporting employees to understand, to manage and to adapt to cyber challenges will ensure that they feel empowered and equipped to be an enabling part of the solution.
Tailored campaigns and partnerships
There are a variety of methods and services available to help with the training of employees in cybersecurity practices. A good cybersecurity training program should include a comprehensive approach that's been designed specifically for your business operations and workforce. This program should encompass initial planning and discovery stages and simulated baseline phishing campaigns right through to monitoring and reporting by factoring the nuances of your operations throughout.
For instance, a multinational mining organisation has entered a unique partnership with Orange Business after identifying the need to improve cyber maturity across the organisation. As a part of this collaboration, Orange Business will establish a fully managed, in-house service for an ongoing cybersecurity program with purposefully curated content specific to the organisation.
Deployed through an on-site consultant, this partnership will see the delivery of a customised phishing campaign and consultations, as well as workshops that consistently reinforce key concepts and introducing new and relevant security topics. This will be delivered while correlating information and results for reporting requirements to demonstrate return on investment.
The reality is that many of the outcomes that organisations desire from a sustainable cybersecurity culture will take time and effort.
By employing a trusted partner through a managed service provider, organisations can ensure that they address any global or local security challenge and protect their company throughout the entire threat lifecycle. Additionally, managed service providers can align long-term cybersecurity strategies with an organisation's broader business objectives, ensuring that security measures are in harmony with the company's overall mission and goals.
Ongoing cybersecurity training is a cornerstone to enhanced cyber maturity and reduced organisational risk. Investing in continuous training is no longer a consideration for organisations but a must-have that:
- Helps establish a positive Return on Investment by preventing costly security breaches,
- Fosters a transformation in the organisational culture towards heightened security awareness,
- Leads to a more robust security model and enhances cyber maturity across the entire organisation,
- Continues to minimise the risks associated with phishing and social engineering attacks.
While industries may be eager to move full speed ahead with new technologies and security solutions, addressing the risk of human error in cyber-attacks remains paramount. Employing provider partnerships and building on proactive and invaluable training program investments for organisations will be key to ensuring comprehensive cybersecurity resilience.