Information Security: You Can’t Afford to Ignore it
The statistics on identity theft are, frankly, pretty scary. According to the US Department of Justice’s Bureau of Justice Statistics, in 2014 alone 17.6 million Americans were the victims of identity theft, meaning the unauthorized use or attempted use of an existing account, unauthorized use or attempted use of personal information to open a new account, or the misuse of personal information for a fraudulent purpose.
And that’s just personal identity theft. Then there are the gigantic corporate data hacks that make the headlines. Some of the biggest in recent years are truly mind-boggling, including retailers Home Depot (56 million records) and Target (70 million records), health insurer Anthem (80 million records), bank JP Morgan Chase (76 million records), and eBay (145 million records).
The Cyberthreat Defense Report for North America and Europe released in 2015 revealed that 71% of organizations were the victims of at least one successful cyberattack, although not all of them are as huge as the ones cited above. Even more disturbing is that in 2014 the average cost of a corporate data breach was $3.5 million.
What causes the biggest day-to-day headaches for companies in terms of IT security? Here are the top three:
- Phishing. This is when people pose as a trusted source in order to trick you into giving up sensitive data about yourself or your company.
- Malware. Short for malicious software, it’s code written specifically to damage or disable computer systems. It includes viruses, worms, spyware, and so on.
- Zero-Day Attacks. This is when a vulnerability or hole in a software system is exploited by hackers before the developer knows about it and can fix it.
How can this still be such a problem for so many? What stands in the way of solving these issues? The number one barrier to protecting companies against cyberattacks continues to be lack of security awareness among employees. Perhaps not surprisingly, the runner-up is the lack of a robust security budget. But it’s the rank-and-file employees that are a real cause for concern. In fact, when you ask the IT security professionals, a mere 20% of them feel confident that organizations have invested enough resources into training employees how to recognize and avoid phishing attacks.
Companies do need to do more. After all, a third of all companies don’t even have a WISP (written information security policy), and a third also lack any kind of crisis response plan for when something does go wrong. And among those companies that do have such plans, half of them never run any “fire drills” to see if their plans would work. How many companies conduct full-network vulnerability scans more than once every three months? Fewer than 40%, which is astounding when you think about it. Everyone can do more.
In this brave new digital world in which we live, it’s more important than ever that everyone has a solid understanding of how to protect one of their most valuable assets – their information, whether at home or at work. That’s why eLeaP wants to make sure you know about its Information and Security Awareness course (ID: ITSC010). It’s a security awareness certificate program designed to introduce all the essentials about information protection based on international best business practices. You’ll start off by taking a quick pre-course assessment to see what you know, which also serves as a great preview of the course content. Then you’ll go through all the core content of the course, including a very practical look at the top ten security-related issues facing each of us as computer users, and more importantly how we can respond to them. At the end of the course, you’ll take a quick post-assessment, and if you score well enough, you’ll receive a certificate of security awareness to show you’ve got the basics down pat. Sign up now for a free preview of this course.