said their employees are held accountable for cyber security²
is the root cause of most data breaches³
of organisations face phishing and social engineering attacks⁵
experienced phishing and social engineering attacks last year⁶
Depending on where your customers are, getting hit with a cyber attack can lead to regulatory consequences in the EU, the State of California or Singapore. In the last few years, regulatory measures have been implemented to protect personal data, such as the GDPR (General Data Protection Regulation), the CCPA (California Consumer Privacy Act) and the PDPA (Personal Data Protection Act) in Singapore. If consumer data leaks from your organisation, you can be held liable even if the leak was unintentional.
Knowing the details of the GDPR, CCPA and PDPA as well as training your staff to spot phishing or social engineering attacks can save you from paying harsh penalties.
In Singapore, organisations that breach the PDPA may be ordered to stop collecting, using or disclosing the compromised personal data, to destroy collected data, and possibly to pay up to $1 million in fines.⁷
According to Ponemon’s Ninth Annual Cost of Cybercrime Study, the first step to unlocking cyber security value is to invest in employee education, as people are the weakest link in cyber security. All employees should be trained because all it takes for a company to suffer from a cyber attack is one credential leak.
In a world where just about everything is now online and accessible, teaching employees how to have good cyber hygiene is critical to business continuity and stable operation against cyber threats.
1, 2, 4, 5 Ponemon’s Ninth Annual Cost of Cybercrime Study, 2019
3, 6 Ponemon Institute’s 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses, October 2019
7 PDPA – Enforcement of the Act — https://www.pdpc.gov.sg/Overview-of-PDPA/The-Legislation/Enforcement-of-the-Act
Phishing and social engineering are problems that are not going away anytime soon. Companies should begin implementing regular, routine training programs for employees to reinforce their skills to detect and avoid interaction with these scams. Doing this training once will not cut it. Cyber security awareness training should be done regularly to see trends of improvement or stagnation amongst employees. Without repeated training, there is no way to identify if the problem is getting better or worse.
An effective test involves a realistic first-hand spear phishing campaign. We achieve this by offering various templates and customisations to craft emails that are related to your organisation’s functions and needs, creating a simulated and authentic phishing experience.
An organisation’s employees are its first line of defence against cyber threats such as phishing. They are the ones who have the most direct access to company data and systems. As such, they are in a unique position to unwittingly expose the company to risk.
However, simply telling employees to be on the lookout for suspicious emails is not enough. Phishing simulators like our Phisherman Alert! campaign can provide a hands-on way for employees to better understand how these scams work and how to avoid them in the future. You can then provide additional training to improve their cyber security awareness. Through frequent training, businesses can help to protect themselves from potentially devastating attacks.
In today’s increasingly connected world, cyber security is more important than ever. At CSIntelligence, we take a holistic approach to helping businesses build their cyber resiliency through our Phisherman Alert! campaign. This service is just one part of our commitment to safeguard organisations of all sizes in the ever-changing digital landscape. Apart from increasing cyber security awareness through phishing simulators, you can also reach out to CSIntelligence for Endpoint Detection and Response, web application pentesting, forensic IT services and more solutions.
Contact us today to learn more about how we can help you bolster your defences against cyber attacks, starting with effective phishing training for employees.