Many organizations base their cybersecurity on smart technology yet underinvest in what should be their first line of defense—their employees. Understanding and managing the behavior of employees, engaging them in the defense of digital assets, networks and intellectual property, secures benefits that often elude other organizations.
The Department of Health and Human Services’ #1 Mitigation Practice is E-Mail Protection Systems – Phishing Simulation and Education. Phishing attacks via email (a type of hacking attack) are the most common first point of unauthorized entry into an organization. Hackers target the weakest link, humans: social engineering accounts for 98% of ransomware attacks.
A successful cybersecurity culture begins with identifying the organization’s risk tolerance. Understanding which systems need protection and where vulnerabilities exist leads to informed decisions to secure enterprise data and set expectations about employee behavior.
When healthcare executives set reasonable, incremental goals and demonstrate a willingness to try new training methods, a culture of cyber awareness can be achieved. Given the volatility and increasing sophistication of the threat landscape, building that culture is imperative.
According to ISACA and the CMMI Institute in their 2018 Cybersecurity Culture Report, organizations found a gap between their current cybersecurity culture and their target. Only 5% were content with the maturity of their culture. Cyber Tygr develops a culture of security through:
“Analyzing 6 million users over the course of 12 months uncovered surprising results. The overall industry initial Phish-prone percentage benchmark is a troubling 27%.
Fortunately, the data showed that this 27% can be brought down more than half to 13% in only 90 days by deploying new-school security awareness training. The 365-day results show that by following these best practices, the final Phish-prone percentage can be minimized to 2.17% on average.