said their employees are held accountable for cyber security²
is the root cause of most data breaches³
of organisations face phishing and social engineering attacks⁵
experienced phishing and social engineering attacks last year⁶
Depending on where your customers are, getting hit with a cyber attack can lead to consequences with the EU, State of California or Singapore. In the last few years, regulatory measures have been implemented to protect personal data, such as the GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act) and the PDPA (Personal Data Protection Act) in Singapore. If you are caught having leaked consumer data, you can be held liable even if you did not do it intentionally.
Knowing the details of the GDPR, CCPA and PDPA as well as training your staff to spot phishing or social engineering attacks can save you from paying harsh penalties.
In Singapore, organisations that breach the PDPA may be ordered to stop collecting, using or disclosing the compromised personal data, to destroy collected data, and possibly to pay up to $1 million in fines.⁷
According to Ponemon’s Ninth Annual Cost of Cybercrime Study, the first step to unlocking cyber security value is to invest in employee education, as people are the weakest link in cyber security. All employees should be trained because all it takes for a company to suffer from a cyber attack is one credential leak.
In a world where just about everything is now online and accessible, teaching employees how to have good cyber hygiene is critical to business continuity and stable operation against cyber threats.
1, 2, 4, 5 Ponemon’s Ninth Annual Cost of Cybercrime Study, 2019
3, 6 Ponemon Institute’s 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses, October 2019
7 PDPA – Enforcement of the Act — https://www.pdpc.gov.sg/Overview-of-PDPA/The-Legislation/Enforcement-of-the-Act
Phishing and social engineering are problems that are not going away anytime soon. Companies should begin implementing regular, routine training programs to reinforce skills for detecting and avoiding interaction with these scams. Doing this training once will not cut it. Training should be done regularly to see trends of improvement or stagnation amongst employees. Without repeated training, there is no way to identify if the problem is getting better or worse.
An effective test involves a realistic first-hand spear phishing campaign. We achieve this by offering various templates and customisations to craft emails that are related to your organisation’s functions and needs, creating a simulated and authentic phishing experience.