Based on a report from IBM, human errors were the main reason for 95% of successful cyber attacks. That is why security awareness is so important.
Let’s learn how we can be more secure in our daily #FromZeroToHacker challenge.
Table of contents
- Introduction
- What have I learnt today?
- Stats
- Resources
Introduction to Security Awareness
Based on a report from IBM, human errors were the main reason for 95% of successful cyber attacks. Forget about vulnerabilities, bad credentials, etc.: most of the time, people are the main threat to the security of a business.
Therefore, being more security-aware will help mitigate potential threats and risks.
What have I learnt today?
Why security awareness is essential
Remote working is pretty common nowadays, and many people spend most of their time working on their personal computers, which increases the risk of being a primary target for cyber security attacks.
Security breaches can cost a company millions of dollars. Based on an online report, the average cost of a data breach is $3.86 million. But it also damages the reputation and trust of customers and partners.
Security awareness training helps with:
- Preventing data breaches.
- Minimizing and reducing risks and threats.
- Improving IT defences.
- Improving customer confidence.
Based on a study from a prestigious organisation which I won’t link because their study is good but riddled with links trying to sell us their services, the effectiveness of security awareness training is:
Data and account security
Sensitive data can be in many different forms. For example, HR has the details and information of employees, while finance has the credit card and bank account details of customers. A data breach affects not only the business but its clients, workers and customers.
This diagram illustrates the top 10 breaches by some of the large companies in history:
Check if you’ve ever been part of a cyber breach
The impact of cyber-attacks increased during the pandemic due to the increase in home working. The consequences of a successful cyber attack are:
- Legal penalties (lawsuits and GDPR).
- Reputational damage.
- Disruption to trading.
- Financial loss.
- Loss of sensitive data.
Criminals use the information found in data breaches to perform targeted social engineering attacks or phishing campaigns. Have I been pwned? is a website that keeps track of data breaches and leaked information. Search your email or phone number, and it will reveal if your personal information has been leaked.
Shit, seems like I have things to do after doing this post…
Cyber threat actors
Cyber threat actors are individuals or groups of people who aim to take advantage of system security weaknesses to compromise and gain unauthorised access to victim data, computers and networks:
Summary
Things we learned today:
- What security awareness is and why it is important.
- Data and account security.
- How to check if we have been part of a cyber breach.
- Cyber threat actors.
Stats
From 67.206th to 66.768th.
Here is also the Skill Matrix: