Johan Dreyer, EMEA Field CTO at Mimecast, highlights the vital role of training in fortifying digital defences.
Life skills evolve to match our world. In an increasingly digital environment, we need a new range of skills; ones better suited to today’s always-on environment where cybercrime is an ever-present threat.
So how do we go about equipping the modern workforce with the tools and defences necessary to protect themselves from cybercrime?
Human error is something that has impacted nearly all professions and all areas of business throughout time. However, building awareness can help combat human error and, when it comes to security, building cyber preparedness helps to fend off the range of attacks, new and old, deployed by cybercriminals.
The front line against cybercriminals is staffed by your employees but they can quickly become the greatest risk; a danger that is spelled out in Mimecast’s The State of Email Security 2023 report, a detailed analysis of the business environment’s state of readiness against cyber risk.
The report contains some stark statistics; numbers that should worry boardrooms across the globe. In the UK, 96% of companies say they have been the target of email phishing, while three quarters of global organisations expect to suffer serious consequences as a result of an email or collaboration tool-based attack.
The issue with the last statistic is that it’s proving difficult to keep on top of a rapidly changing, and often unregulated, IT landscape. Specifically, report participants from the UK overwhelmingly agreed (94%) that collaboration tools are essential for their companies’ success and its day-to-day operations. However, almost half (46%) complain that employees routinely download and use new tools that have not been vetted or approved by IT.
Unfortunately, employees at all levels regard cybersecurity as an IT issue and not their responsibility, a perception that needs to be tackled head on if the number and scale of attacks are to be reduced. The importance of this acknowledgement is underlined by another worrying finding – 80% of global respondents had experienced an attack where the threat had spread from one infected employee to another.
The top five contributing factors in the UK are:
Part of the solution is better cyber security training that alerts employees to the dangers of the digital environment and teaches them to recognise and safely manage the threats to which they are routinely exposed. This needs to be led from the top – C-suite participation is essential if a full buy-in is to be achieved.
Almost all (99%) of global organisations provide some form of cyber awareness training to their employees.
Yet 8 out of 10 believe they are at risk due to inadvertent data leaks by negligent employees.
Data from Mimecast’s latest research revealed that 93% of UK organisations have experienced a cyber threat via collaboration tools. The most common threats?
Yet our research also found that only 10% of UK employees globally have received dedicated awareness training for collaboration tools separate from broader cyber awareness training.
The most effective approach is on-going training that’s engaging and based on educational best practices, a reality that’s increasingly being reflected in the types of education and guidance provided by the report’s respondents. More than half (55%) conduct group training sessions with their IT or cybersecurity teams, while 41% offer one-on-one training sessions as well.
An essential part of this training needs to focus on the role of social engineering, a category of cyberattack that aims to trick people into sharing sensitive information that gives an attacker access to a system, physical space, or data. Rather than searching for software vulnerabilities, attackers take advantage of human psychology to gain the trust of an individual and convince them to share access credentials, for example.
This underlines the importance of embedding a culture of cybersecurity awareness that involves all employees. However, the tools necessary to support it need to be readily accessible and there needs to be sufficient budget to ensure they are kept up to date. Fortunately, with boards now regularly discussing the risks posed by the rise in data breaches and cyber fraud, there is a growing sense that requests for more funding will get a positive reception.
To expand on the people element and the focus on security awareness training, it’s also important to provide contextual guidance to users about potential risks in email, which helps them make smarter decisions.
Most respondents (81%) to our research agree that having access to artificial intelligence systems that provide real-time, contextual warnings to email and collaboration tool users would be a huge boon. Twelve percent went so far as to say that the benefits of such a system would revolutionise how cybersecurity is practiced on a day-to-day basis.
Equipping people to say something if they see something potentially suspicious allows security teams to deal with it quickly, take action and contain the threat. A lot of the techniques Mimecast is using and developing now are around how to elevate the consciousness of users so they can make intelligent decisions in conjunction with the tech. It’s about people, processes and tech working together.
Collectively, nearly half of the companies interviewed worldwide (49%) are already using some combination of artificial intelligence (AI) and machine learning (ML) technologies (compared with 46% last year and 38% the year before), and most of the rest (43% of the total) are planning to implement them soon.
Among the organisations currently making use of AI/ML, more accurate threat detection (50%), an improved ability to block threats (49%) and faster remediation when an attack has occurred (48%) are viewed as the three biggest benefits.
Cyberattacks can have consequences that sometimes get overlooked. An important one is the impact they have on staff: Mimecast’s State of Ransomware Readiness 2022 report states that, globally, one-third of teams experience an increased number of absences due to burnout following an attack, so steps need to be taken to support those affected.
Mimecast, for example, partners with Cybermindz, the first organisation of its kind, to alleviate the suffering of cyber teams, support mental wellness and peak performance through the implementation of the evidence-based Integrative Restoration (iRest®) protocol. We also partner with Unum, which offers a range of helpful resources, including an app that provides unlimited mental health support to employees and their families.
Around the globe, businesses are battening down the hatches against a cyber storm, which is growing in force. Worryingly, cybercriminals are already starting to use AI to enhance ransomware, email phishing scams and other attacks. The latest cyber defences therefore aren’t a luxury – they’re a must-have set of tools that need to be deployed 24/7.
Importantly, senior executives have started to acknowledge the scale of the risk, which is helping to drive cyber preparedness up the list of business priorities.
The threat landscape will continue to evolve – of that we can be certain – and in no time, today’s digital ramparts will look as outdated as the physical ditches and drawbridges of the past. The next generation of tools is already being developed, but stopping bad actors will also continue to depend on an on-going awareness amongst employees of the strength and range of attacks.
Businesses may find the dedicated suite of resources we created helpful for raising cybersecurity awareness among their employees. They can download these resources here and enable their people to work protected.