2017 was a dumpster fire of privacy and security screw-ups. Starting 2018 with a simple, effective IT security strategy is an excellent New Year's resolution and helps your CEO keep their job. Better yet, thousands of your peers will tell you this was the best and most fun IT security budget they ever spent... hands-down. This list is the high-power ammo you need to get budget and roll out new-school security awareness training, ideally right now.
Here are the Top 5 reasons...
- Social Engineering is the No. 1 go-to strategy for the bad guys. Unfortunately, their time is money too. Why spend 2 months of research uncovering a 0-day when you (literally) can create an effective spear-phishing attack in 2 hours? They are going after the human—the weakest link in IT security—and your last line of defense.
- Ransomware is only going to get worse in 2018. Email is still their favorite attack vector, and their sophistication is increasing by the month. The downtime caused by ransomware can be massive.
- Compliance requirements for awareness training are being sharpened up. Thinking that today you can get away with a yearly one-time, old-school awareness training session is whistling past the graveyard. A good example is May 25, 2018, when enforcement actions for GDPR begin. We have compliance training for GDPR ready in 24 languages.
- Legally you are required to act "reasonably" and take "necessary" measures to cope with a threat. If you don't, you violate either compliance laws, regulations, or recent case law. Your organization must take into account today's social engineering risks and "scale security measures to reflect the threat". Don't take my word for it: confirm with your lawyer, then insist on getting budget. Today, data breaches cause practically instant class action lawsuits. And don't even talk about all employees filing a class action against your own company because your W-2 forms were exfiltrated with CEO fraud.
- Board members' No. 1 focus today is cyber security. Some very pointed questions will be asked if they read in the Wall Street Journal that your customer database was hacked and the breach data is being sold on the dark web. Once it becomes clear that your organization did not deploy a simple, effective strategy that could have prevented this, a few (highly placed) heads will roll. Target's CEO and CISO are just an example. Help your CEO to keep their job.
The good news is that we can help. Click to learn more about our Cyber Security Awareness Training here: https://www.pinkhattech.com/cybersecurity-staff-training/