Training your staff on cyber security in 2022

As 2022 approaches, adopting structured cybersecurity strategies should be a priority for businesses. With the increasing frequency and complexity of cyber-attacks facing companies facing financial hurdles and brand-damaging responses, new tools and strategies are constantly evolving.

Today we are going to discuss the common cyber security issues of 2021, the importance of training your employees and how to reduce the risk and stay safe in 2022.

Inspection Try Hackmey Newsroom Learn more about cyber security, threats and mitigation methods.

Cyber ​​Security in 2021

2021 presents some repetitive themes and threats. As the landscape continues to evolve, let’s consider some notable metrics from the previous year.

Small businesses reported 17% of cyber attacks, citing malware as the highest recurrence, according to Security Navigator. Medium-sized companies have suffered 30% of the attacks, primarily network and application incompatibilities. Surprisingly, large businesses have experienced the highest proportion of attacks, with malware again the most common threat. Compared to 2020, the overall attack has increased by 18%.

In 2021 human error has become a common problem. Since the global remote action is consistent, hackers are taking advantage of insecure networks, lack of surveillance, and suspicious staff.

Ransomware attacks have increased. Ransomware attacks occur every 11 seconds (Cyber ​​Crime Magazine,) and are expected to reach more than 700 million by the end of the year. One of the most significant attacks of the year was carried out by JBS – a meat supplier based in the United States. In May 2021, JBS was forced to shut down its five largest plants due to a ransomware attack. JBS has paid a ransom of USD 11 million to further deter cybercriminals.

One recent problem in 2021 – dubbed as a serious threat to the entire Internet – is log4j. log4j weakness (CVE-2021-44228) Has unveiled some of the most notable applications to attack across the Internet, with companies running to patch and minimize losses. Exploitation of the Java-based logging framework has enabled hackers to install crypto miners, steal certificates and system data, and dig deeper into compromised networks, allowing the use of weapons. Experts believe that the true extent of this error is still ongoing.

The importance of training your staff

Almost all share a root cause of cyber attacks – human error. An IBM report suggests that human error contributed to 95% of successful violations, in proportional representation agreements with CISO worldwide. At this critical level, human error has been called the biggest cyber vulnerability – yet an area of ​​the cyber landscape that many companies are deprived of.

Most human error is caused by inadequate training or lack of awareness. These actions can lead to security breaches and present themselves in a range of recurring errors – failure to update the system, weak passwords and scams – to name a few. Although most businesses use certain types of security software, security can only go as far as using workforce systems. Cybercriminals often access data through people – who act as an open door through complex security systems.

There are two things to consider in training your workforce – recruiting an appropriately sized cyber security team for your organization’s needs and scope, as well as ensuring that each member of the workforce has an idea of ​​the threats and mitigation methods. Departments such as IT teams and job positions that rely on software and technology also often benefit from a deeper level of training.

Steps to stay safe in 2022

When dealing with cyber security concerns, businesses should follow some general rules:

Training your team is the best way to ensure that your workforce can serve as a line of defense against many threats. TryHackMe is a cybersecurity training platform Offers free and premium labs for higher expertise in cyber security – perfect for beginners to experienced hackers. They are introducing cyber awareness training, which is proving to be a bright foundation for building cyber culture between teams, with engaging, interactive training. The training will address common attacks, identification and how to mitigate them; Cover phishing, secure browsing, passwords and a dive into the importance of 2FA, malware / ransomware, firewall, VPN and backups and updates. The Business Dashboard allows managers to monitor all employees’ progress and adapt to any training path to be relevant to the company.

Access Control – Employees should only have access to software, data and documents required for their role. Ensuring that the level of access is as short and relevant as possible reduces the amplitude of potential violations.

Be sure to update and patch software regularly – Some of the most significant cyber attacks in history have come from a lack of software updates, such as the 2017 Wannacry ransomware attack, which affected about 230,000 devices in 150 countries.

Avoid weak passwords – Although this often seems like a given action, research has shown that many employees still use basic passwords. Employees need to be made aware of this predominance.

Take protective equipment – Although not all attacks are possible, protective equipment is an integral part of the defense line. Security Information and Event Management (SIEM) tools; Technologies used to identify threats, compliance and security incident management by analyzing data sources and security events can assist the workforce. Using a set of understandable tools, the staff enjoys the use and assists the armor to attack.