Human error is still one of the most common causes of cyber attacks, according to a new study from Nixu.
According to the study, more than a third of all cyber attacks involve internal actors and more than a third included social engineering.
Many violations result from inadequate safety hygiene and a lack of attention to detail. Social engineering is becoming more and more sophisticated and therefore effective. Organizations of all sizes should pay attention to human error and cybersecurity training.
“However, most companies do not adequately train their employees on security issues,” says Anu Laitila, head of cybersecurity awareness activities at Nixu.
Together with her team, Laitila creates security awareness activities and programs for companies and organizations from various sectors.
Awareness campaigns can include lectures, exercises, games, blogs, or any type of engaging content. The trigger can be anything that will help people remember safety actions.
“We even created an escape room experience concept for employees,” explains Laitila.
The European cybersecurity company has started a cooperation with one of the largest security awareness training platforms in the world, KnowBe4, which continuously trains company employees in the identification of phishing and of social engineering.
A complete tool to boost learning
In its services, Nixu uses advanced tools to improve awareness in various ways, depending on the needs of its client organizations. One of the largest integrated security awareness platforms is KnowBe4 which contains the world’s largest library of security awareness content including automated training campaigns, mock phishing attacks and a wide range content in different formats. The company has created a television series called “The Inside Man” which covers various aspects of social engineering.
With the KnowBe4 platform, CISOs can create automated and ongoing awareness campaigns and follow up with those who need an extra helping hand.
Campaigns can also be targeted at a specific department, such as the human resources or finance team, and help design a personal learning path for them.
It is also possible to use groups according to their learning levels. Reports provided by KnowBe4 support the development of cybersecurity programs and common business practices. Risk managers, IT managers, development managers, or other managers with strategic roles can see the current state of staff security maturity.
Enter a new era of security
Cyber security has long been seen only as a technical issue. With many unfortunate cybersecurity incidents, breaches, and the ever growing trend of social engineering, businesses are starting to see the big picture and the human factor that surrounds it.
“Businesses should invest in the technical side – security operations centers, software and application security, identity and access management, to name a few – but the palette is not full. until a good safety awareness program is running, ”says Laitila.
“And that goes for businesses of all sizes. The culture change in business is happening and pioneering organizations are quickly adopting new work habits.”