How Often Should Companies Run Cybersecurity Training?
Cybersecurity risks have never been greater: 2020 broke records both for cybercrime and for the ransoms paid as a result. Phishing was the most common crime, with a 600% increase in phishing email volume. The sudden shift to remote operations, extended lockdowns and hybrid working policies meant businesses relied on their email platforms more than ever. Approximately 306.4 billion emails were sent and received each day in 2020, a figure estimated to exceed 376.4 billion a day by 2025; an estimated 6 billion of the emails sent to companies each day in 2020 were fake.
Phishing campaigns moved on from generic attempts to skilled impersonation schemes, but nothing matched the danger and frequency of ransomware. IBM reports that one in every ninety-nine emails a business receives is a phishing attempt.
These attacks use various techniques, chiefly social engineering, to gather information and to persuade targets into acting. The top technique was the bogus social media request: 85% of companies targeted were hit with one in 2020. Spoofing and corporate impersonation plagued businesses as the constant stream clogged up inboxes.
What does this mean for your business? A huge number of phishing emails are heading your way, every day. Phishing risks are only increasing, especially ransomware, which was up over 300% over the same period of 2020. Coupled with the 22 billion new records dumped on dark web data markets and offered for sale, this gives cyber criminals plenty of material to mount targeted spear phishing attacks.
Every industry is now at risk; one mishandled email can cause a cybersecurity disaster. It’s estimated that 97% of employees across a wide array of industries were unable to recognize a phishing email. How can you mitigate this risk? Increase your cybersecurity awareness training, including phishing resistance. Unfortunately, 62% of companies don’t perform any cyber training at all.
In a UK study of companies running phishing simulations, researchers found that 40-60% of employees were likely to open a malicious link or attachment. However, the study also showed that consistent cybersecurity awareness training made a huge difference in how employees handled email. Those who had six months of training showed a 25% drop in click rate in a follow-up test; further and more frequent training produced a greater drop, with only 10-18% opening the malicious link or attachment. Click rate on simulations is only a proxy, so it is worth tracking the reporting rate (how many employees flag the simulated email) alongside it.
A handful of courses isn’t enough to instill lasting cybersecurity awareness. Running training regularly is vital to gaining and keeping it. A report from Accenture on the characteristics of a cyber-resilient organization put the ideal number of courses at 11 per year (just under one a month). This stops the material being forgotten and keeps new topics and threats fresh in employees’ minds.
Why so frequent? A USENIX study found that the knowledge and behavior gained from training were lost to ‘skill fade’ over time. In that study of cybersecurity knowledge retention, employees went through a single training course and were then tested at monthly intervals; the more time that had elapsed, the less they retained. The proven way to protect your business is a security awareness training program from HMH Consultants, designed around your company and your employees, built on phishing campaigns that capture and then release your employees, and that is both effective and cost-effective. It includes a host of features for trainers and trainees, including a portal personalized to your company, support for 7 languages, and over 100 premade plug-and-play phishing simulations and awareness training modules that reflect the actual threats employees face every day.