Cybersecurity Training - #1 Weak Link
Jonathan Peyton
Director of Company Culture | Solution Specialist | CMA Technology Solutions
In a recent LinkedIn poll, roughly 60 customers were asked which of four cybersecurity elements they considered the weakest link in their organization. 25 people responded, a response rate of about 42% (thank you! anything above 10% is considered a success). Respondents represented the following business sectors: construction, government, healthcare, manufacturing, retail sales, finance, petroleum and utilities.
Below are the results:
Cybersecurity Training – 36%
Ransomware Table-top Exercises – 28%
24x7 cybersecurity monitoring – 20%
Regular risk-based patching – 16%
The chart below depicts the four categories sorted by number of votes, along with a ranking for time, cost, and efficacy (scale 1-3, with 3 being the highest).
Based on this data, cybersecurity training is identified as the #1 weak link. However, it is also the lowest-cost item, requires the least I.T. admin time, and has very high efficacy for overall prevention. No surprise there: the #1 threat vector in today's cybersecurity world continues to be end users ("But it was just a link in an e-mail, I thought you guys protected us from that? And I thought I was logging into a Microsoft site, it looked just like it..."). The good news is that there are a number of automated solutions on the market that regularly test and assess the cybersecurity strength of your users (simulated phishing e-mails, for example). It still takes effort, on the part of either the I.T. team or a third party, to run these tests and report on the results. Some companies have gamified this category with high-dollar gift cards for the team members who perform best in the testing. If you aren't doing this today, move it to the top of the list; it truly makes a difference. If you work in a plant around dangerous machinery that could maim you, you get extensive safety training. Businesses today are slowly starting to realize that every user should have cyber-awareness training, no different from any other safety training they have been doing for years.
Table-top exercises came in at #2. Their cost is minimal and they don't take a lot of time, but from a prevention standpoint they don't do much on their own. Table-top exercises can, however, give valuable insight into other areas of the organization's cybersecurity strategy that should be examined (who can authorize a payment, whether backups are actually recoverable, who talks to customers and regulators) by walking through a hypothetical ransomware or extortionware scenario. Oh, you haven't heard about extortionware? Yeah, that's the latest keep-you-awake-at-night misery: the attackers don't lock you out of your network, they just steal your data and then threaten to release it. Your company has no choice but to respond, often relying on risk policies for payouts. As an admin you have to answer VERY hard questions about how the attackers acquired all your data, oftentimes culminating in an RGE (resume generating event) or, worst case, a CEM (career ending maneuver).
24x7 cybersecurity monitoring ranked #3. Its cost can be high compared to the others on this list, but its efficacy also ranks high, due to increased visibility and the ability to have others intervene on your behalf when there are anomalies on your network (for example, Susan's machine in accounting starts trying to communicate with every IP on the network at 2:00 a.m. on a Sunday). Initially the I.T. time can be quite high, as teams remediate existing issues that the better visibility exposes; over time that trends down, but I.T. security teams will still work with the monitoring provider on a regular basis to run down threats. Companies that provide 24x7 Managed Detection and Response (MDR) and Managed Risk services have better tools, trained analysts, and better dashboards than you can build and administer on your own. There is no reason to reinvent the wheel here.
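To make the "Susan's machine at 2:00 a.m. on a Sunday" anomaly concrete, here is the kind of fan-out rule a monitoring service would run over flow logs. This is an added example for this page, not code from the article or from any MDR vendor. The flow-log line format, the 10.0.0.0/8 internal range, the 5-minute tumbling window, the threshold of 25 distinct destinations, the business-hours definition and the allow-listed scanner address 10.0.9.5 are all assumptions, and the sample log lines are constructed.

```python
"""Added example: flag a host fanning out to many internal IPs, especially off-hours.

Not part of the original article or of any vendor product. Log format,
thresholds, business hours, the 10.0.0.0/8 internal range and the allow-listed
scanner are assumptions made for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed tuning knobs (in practice these come from the monitoring platform).
BUSINESS_HOURS = range(7, 19)        # 07:00 - 18:59 local time
BUSINESS_DAYS = range(0, 5)          # Monday (0) - Friday (4)
WINDOW_MINUTES = 5                   # tumbling window size
FANOUT_THRESHOLD = 25                # distinct internal destinations per window
KNOWN_SCANNERS = {"10.0.9.5"}        # authorised vulnerability scanner (assumed)


def constructed_flows():
    """Constructed sample flows: '<ISO timestamp> <src_ip> <dst_ip> <dst_port>'."""
    flows = []
    # Sunday 2021-03-07 02:00: one workstation sweeps 60 hosts on its /24 over SMB.
    sweep_start = datetime(2021, 3, 7, 2, 0, 0)
    for i in range(1, 61):
        ts = sweep_start + timedelta(seconds=i)
        flows.append(f"{ts.isoformat()} 10.0.5.23 10.0.5.{i} 445")
    # Monday 2021-03-08 09:15: ordinary traffic to three internal servers.
    work_start = datetime(2021, 3, 8, 9, 15, 0)
    for i in range(40):
        ts = work_start + timedelta(seconds=30 * i)
        flows.append(f"{ts.isoformat()} 10.0.7.14 10.0.1.{10 + i % 3} 443")
    # Monday 10:00: the authorised scanner does the same sweep; it must not alert.
    scan_start = datetime(2021, 3, 8, 10, 0, 0)
    for i in range(1, 61):
        ts = scan_start + timedelta(seconds=i)
        flows.append(f"{ts.isoformat()} 10.0.9.5 10.0.5.{i} 445")
    return flows


SAMPLE_FLOWS = constructed_flows()


def parse_flow(line):
    """Split one constructed flow line into (timestamp, src, dst, port)."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)


def is_internal(ip):
    """Assumed internal range for this example: 10.0.0.0/8."""
    return ip.startswith("10.")


def is_off_hours(ts):
    """True on weekends or outside the assumed 07:00-18:59 business window."""
    return ts.weekday() not in BUSINESS_DAYS or ts.hour not in BUSINESS_HOURS


def window_start(ts, minutes=WINDOW_MINUTES):
    """Floor a timestamp to the start of its tumbling window."""
    return ts.replace(minute=ts.minute - ts.minute % minutes, second=0, microsecond=0)


def detect_fanout(lines, threshold=FANOUT_THRESHOLD, minutes=WINDOW_MINUTES):
    """Return one alert per (source, window) whose distinct internal destinations
    reach the threshold. Allow-listed scanners and external destinations are ignored."""
    buckets = defaultdict(set)
    for line in lines:
        ts, src, dst, _port = parse_flow(line)
        if src in KNOWN_SCANNERS or not is_internal(dst):
            continue
        buckets[(src, window_start(ts, minutes))].add(dst)
    alerts = []
    for (src, start), dsts in sorted(buckets.items()):
        if len(dsts) >= threshold:
            alerts.append({
                "src": src,
                "window_start": start,
                "distinct_destinations": len(dsts),
                # Off-hours fan-out is far less likely to have a benign explanation.
                "severity": "high" if is_off_hours(start) else "medium",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_fanout(SAMPLE_FLOWS):
        print(alert)
```

Run against the constructed flows, the rule produces exactly one alert: 10.0.5.23 touching 60 distinct hosts in the 02:00 window on Sunday, rated high. The same sweep from the allow-listed scanner is suppressed, and the normal workstation that talks to three servers all morning never reaches the threshold. The allow-list is the part that needs the most care in a real deployment: backup agents, monitoring pollers, and patch-management servers all fan out legitimately, and a rule like this is only useful once those are accounted for and the threshold is tuned to the network's actual baseline.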
Risk-based patching came in at #4, which is interesting because this is the category where I constantly hear customers express their shortcomings. Maybe everyone was too frightened to admit fault here? Regardless, patching can be expensive depending on your tool set and very time consuming, especially when other departments are involved or when patching drives significant investments in software and hardware (for example, when an unsupported operating system has to be replaced before it can be patched at all). However, many post-incident root-cause analyses (RCAs) point back to a system that would not have been affected had it been updated.
CMA offers expertise in all four of these areas – contact us today and we can help you strengthen your cybersecurity posture – “We’ll get you there!”.
Training is a must! However, we wouldn't put it above a critical patching regime... And we're in the business of training. Cybersecurity must be layered, and that is the most risk-based, cost-effective approach to protecting businesses.
Director of Security at CMA Technology Solutions
4 years ago: Great work, Jonathan. I enjoy working with our customers and seeing the insights they gain from the cybersecurity training, as well as how the organizations progress over time and develop a culture of being "security-aware".
Here To Help Drive America Forward
4 years ago: Yep, when it comes to cost-effectiveness it is still tops. And finding unique ways to do this that don't just turn into noise to be tuned out is tough, especially with remote work environments. I see ideas passing around about making it more engaging and gamifying the ongoing trainings, which seem to be a great success so far.
Sr Client Representative at CMA Technology Solutions
4 years ago: Great information regarding a very important topic!
Helping Customers End Cyber Risk | Arctic Wolf
4 years ago: Awesome insight, Jonathan!