Data breaches are up over 300%, according to the most recent data available from the South Carolina Department of Consumer Affairs (SCDCA).
With the ever-increasing threat to their businesses, some Upstate organizations are thinking about cybersecurity from a different point of view.
Hackers are attacking organizations every 39 seconds (according to a recent study by the University of Maryland). Just taking measures to try and keep bad actors out of a network is not enough of a security strategy to give business owners peace of mind.
Cyber education offers an increase in threat protection
Anyone who remembers school fire drills will understand the principle of a small-business cyber education program.
A person can’t be expected to know how to respond to an emergency if they’ve never been drilled on what to do.
Cyber education is an additional layer of protection to a company’s current security plan. It includes social engineering training and security awareness training for all employees of the subscribed company.
Business owners who were early adopters to this next-level protection have been pleased with the results. On average, organizations have enjoyed a 40% ROI with regular real-time phishing simulations. Susceptibility has also dropped as low as 5% when employees are well trained in what phishing attempts look like. (Statistics from PhishMe’s Phishing Resiliency and Defense Report 2020).
Phishing is one of the most common types of attacks that threaten a company’s security. During a phishing attempt, a hacker sends emails pretending to be from reputable companies or real employees in order to trick individuals into revealing company information, such as passwords and credit card numbers.
“Phishing emails are the main, initial method of attacking information systems, and with employees being the gateway to a hacker’s success, it follows that businesses should train employees with a formal program to recognize these exploits. Businesses who do not do this are doing so at their own peril,” says Joe Beineke, security systems engineer for PTG Inc. in Greenville.
In addition to using cyber education internally, Palmetto Technology Group (PTG) offers local organizations an affordable and effective cyber education program. Since unveiling the program late last year, PTG has been receiving several new subscriptions every month.
Cybercriminals are getting smarter and craftier
Why are hackers spending 1-5 hours per week keeping up with business trends? So that their attacks can be as realistic and convincing as possible.
Social engineering has become the bad guys’ weapon of choice to try and beat the security monitoring systems that most businesses have in place to stop them.
Here’s how social engineering typically works inside of a hacker ring.
- Hackers research a company’s staff and choose a person that seems most likely to fall for a phishing email.
- They compose a carefully crafted email that purports to be from someone the target knows and seems personally directed at them.
- They time the delivery of their email to arrive when they think the target will be especially vulnerable (early on a Monday morning, late on a Friday, right before a holiday weekend.)
- In the personal message, the hacker tricks the target into giving up a password, clicking on ransomware or sending a wire transfer of company funds to an account that the hackers control.
The level of cybersecurity available to small and midsize businesses has gotten better, too.
The most effective cybersecurity strategies being used by SMBs today includes cyber education as a component.
PTG’s cyber education offers includes regular phishing tests that are engineered to look like the real thing, real-time reporting on which employees at a company are most vulnerable to attacks, and ongoing dark web monitoring, so that companies can receive alerts the moment one of their employees’ passwords gets put up for sale on hacker forums and dark websites.
Upstate organizations that want to learn more about cyber education programs can request a free report from PTG at ptg.tips/cyberedu.