How can an informed workforce minimise the consequences of cybercrime?

How can an informed workforce minimise the consequences of cybercrime?


Theo Zafirakos at Fortra’s Terranova Security shares why businesses must train their employees on security best practices and put preventative measures in place

Guest contributor |

Businesses are beginning to see huge benefits from the growth of the digital economy. But, with the increased use of artificial intelligence and global-scale adoption of cloud technology, they are also falling victim to the surge in digital crime. 

Risk analysts McKinsey & Company found that organisations around the world spent around $150 billion on cybersecurity in 2021 and these numbers doubled in 2022 to $300 billion. Fast forward another year and cybersecurity is estimated to cost $8 trillion by the end of 2023, according to Cybersecurity Ventures. If we continue at this rate, firms will become bankrupt and threat agents will have the upper hand with access to sensitive data.    

Although these statistics are alarming, firms are becoming increasingly aware of their vulnerability to cyberattacks and looking for ways to prevent them. For example, the World Economic Forum’s Global Cybersecurity Outlook 2023 report reassuringly found that more than half of cyber leaders are meeting with their business leaders monthly to discuss cyber-focused topics.  

At Fortra’s Terranova Security, we aim to keep cybersecurity costs low for businesses by creating training programmes and phishing simulations to improve security awareness. We encourage our customers to train their users how to spot the most common attacks to reduce the chance of a cybersecurity breach.  

The term ‘cybersecurity’ covers a myriad of topics, so firms looking to improve their security awareness should focus on three important aspects that we embed into our training solutions.  

Teams need to be ready for sophisticated phishing attacks and social engineering schemes, which take advantage of the human risk factor prevalent in every organisation. These attacks will become more complex as threat actors use new technologies, such as AI, to evolve their attack scenarios and make fraudulent emails and messages appear more believable.  

Fortra’s phishing simulation tools help to educate employees so that they can spot manipulative emails and phishing scams. The better-informed teams are in handling sensitive data safely, the less likely they are to put that data at risk.  

With continuous attempts to steal usernames and passwords, organisations need to ensure that their data is protected. Despite multiple warnings, there will always be a percentage of individuals that reuse passwords or create weak passwords for simplicity. If credentials created in this manner are compromised, the damage can spread and hackers may use the individual’s profile to access other systems.  

However, businesses can protect themselves from potential security leaks by implementing multifactor authentication (MFA) to prevent password-based attacks through phishing scams and social engineering attempts. Instead of asking for only a username and password to verify a user’s identity, MFA requires additional verification information such as a one-time passcode, cryptographic token or fingerprint. This puts barriers in place to make data less accessible for cybercriminals.  

Business leaders and their security teams must also establish and maintain effective communication channels with their teams so that when a security incident occurs or they spot suspicious activity, employees are able to report it to the correct individuals. To report effectively, employees need to be able to identify valid threats to reduce the amount of ‘cry wolf’ scenarios, where security teams are called out for non-threatening incidents.  

Some of the questions leaders need to ask themselves are: “How quickly can my employees report incidents, if they report them at all?”, “To whom did they report the incident to?” and “How have we responded to these incidents?”. 

To combat this, teams should provide ongoing communication and security-awareness campaigns about reoccurring and emerging threats.  

Theo Zafirakos is chief information security officer and professional services lead at Fortra’s Terranova Security 

This article was originally published in the Spring 2023 issue of Technology Record. To get future issues delivered directly to your inbox, sign up for a free subscription

Subscribe to the Technology Record newsletter

  • ©2024 Tudor Rose. All Rights Reserved. Technology Record is published by Tudor Rose with the support and guidance of Microsoft.