IT SECURITY AWARENESS TRAINING
The press can’t get enough of large corporate data breaches. They delight in showcasing the latest horror story about a well-known business that lost massive amounts of private records or millions in revenue to the latest hack. However the reality is that most data breaches happen to SMEs. The cyber criminals target them because they are easier to get in to, and because the average small and medium sized business spends less than £200/year on security and have had virtually no IT security training. The tactics used are not dissimilar to those they use on the big fish, but as most SMEs haven’t been trained in what to look for and don’t have the solutions in place to help prevent the common attack vectors used, they are the easier target.
Despite all the funds large corporates may have spent on state-of-the-art security software, they still get hacked; Sony, Talk-Talk, Kaspersky Labs, to name but a few, the bad guys know they are just one gullible user click away from gaining access to any network or computer. Recent surveys show that directors & senior management can be some of the biggest culprits when it comes to clicking on phishing links and opening malicious email attachments. Cyber-criminals know that the weakest link in any company is the connection between the chair and the keyboard.
A recent study showed, email is the most successful attack vector into a company. Web-based attacks used to predominate which is why their prevention appears to receive more funding. However, email attacks have never been far away from first place and are now in the lead. The survey places email in the lead with malware infections impacting 67% of companies, with web-based attack vectors in second place at 63%. The steady rise in Phishing, Spear-phishing & Whaling attacks proves this. Ransomware attacks, where a company can have all its file encrypted are more common than ever. Also Phishing is increasingly employed to gain access and then quietly set up camp inside the network. Thus phishing does not always lead to an immediate data breach.
The biggest indictment of traditional security defences, concerns (antivirus) AV software. Still considered, by a lot of big and small companies alike, to be the primary defence against malicious programs, the sheer volume of threats is making it impossible for AV to keep up. It is important to note that AV does not spot all threats. Estimates of AV effectiveness vary from 40 to 80 percent. Hackers learn very early on how to evade Anti-Virus software. Most AV tools mainly use signature files to detect viruses, new threats are only added to these lists once they are detected. They may be much faster at finding new strains and adding them to their virus signatures – an average of 6 hours in some cases. But that still leaves a large window for the cyber-criminals to exploit and cause damage. Time to compromise among customers was often less than a day once a breach occurred, whereas time to discover the breach was much slower.
IT Security Awareness Training can save any company a huge amount of lost time, money, reputation and heartache. We are certified and experienced IT security professionals who know what attacks the hackers and cyber criminals use. A few hours training can make all the difference. Contact We Just Do IT Services, via the contact form below, for more details.
We also offer vulnerability scanning, penetration testing or ethical hacking. Penetration Testing.
For More Information.