In August of 2017, Netwrix released results of a survey noting that 100% of government entities see their own employees as their biggest IT threat. This isn’t news to anyone following cyber exposures and risk management. Employees, people really, represent the biggest weakness because of the position they have to access the systems. This isn’t at the basis of some concern over malice, either. The concern isn’t a rogue employee, the concern is an unwitting employee opening an attachment, responding to an inquiry, clicking a link or visiting a website.
There are no easy ways to work on prevention of these exposures, as it requires ongoing and intentional training. It also requires a consistent “chunking” of information to make it easy for employees to understand, but also to implement easily in their daily workflow and processing. While some IT resources can help (such as flagging external emails or scanning in-bound messages), it is not fully foolproof, and fraudsters depend on that for their schemes to be successful.
Kaspersky Labs puts the average security breach cost at $86,500. The attack that hit Atlanta cost far more than that. Rules for disclosures vary by jurisdiction, but notification requirements alone can reach thousands of dollars easily, without any real breach having occurred to require system restoration. There are a number of tools that can help, such as the Wombat Security Education Platform, which helps an organization to implement, track and consistently train employees. Other vendors offer similar services that provide training, which can be offered in an on-going and on-boarding manner to help reinforce a culture of cyber-awareness and response.
Developing a training program, and reinforcing training across an organization can help change behavior and reduce threats, as employees become more aware and better trained to evaluate potential threats. Every organization will be a target of the threats, and having a well-trained staff is critical to an effective offense. Thinking that an organization is immune, or that IT systems are too strong to be fooled is a false-hope. The reality is that the crime is escalating in sophistication and reach, and it’s only a matter of “when”, not a matter of “if” for something to happen.
Make Sure Your Financial Institution Clients Have the Right Coverage
Contact any one of the FI insurance experts below for help in making sure your FI customers have the right coverage from a strong, stable company!
|VP Sales and Distribution/Great Plains Region
|Great Lake Regions
The post The Not-So-Cyber Exposures of Cyber Exposures appeared first on Berkley FinSecure.