50% of UK businesses experienced a cyber attack over the last year, but despite this, 73% of UK employees admit to having not received cyber security training in the last 12 months.
Using global search data from AHrefs, the experts at application security SaaS company Indusface have provided their specialist insight to answer the top five questions and concerns that businesses around the world have about cyber security in the workplace.
Venky Sundar, Founder and President of Indusface, answers workers’ top concerns over cyber security:
-
“Why is cyber security training so important for business?” (Av. 960 yearly global searches)
Similar terms: “Cyber security for business” (Av. 31,800 yearly global searches)
“With data breaches costing businesses an average of $4.45 million globally in the last year, it raises the question of just how critical it is for organisations to provide employees with comprehensive training on what constitutes sensitive data and how they can protect it, as well as what is at stake if they do not adhere to the policies.
“And training doesn’t have to be monotonous: for example, setting up phishing email simulators can engage the team and allow them to see the potential dangers in action. These simulations show how quickly and easily attacks can happen, helping employees develop practical, hands-on skills for spotting suspicious activity.
“Cybersecurity threats evolve constantly, so training should be regular, not a one-time event. Regular training and guidance will ensure that employees receive tailored guidance on securing their work equipment, home offices, use of VPNs, and recognizing the unique threats posed by both in-office and home working environments.”
-
“How is AI used in cyber security?” (Av. 23,400 yearly global searches)
Similar terms: “Cyber Security AI” (Av. 15,600 yearly global searches)
“The biggest problem with security software, especially website and API protection, is the prevalence of false positives. False positives are when legitimate users are prevented from accessing an application. So notorious is this problem that 50%+ of businesses worldwide have implemented WAAP/WAF solutions and left them on log mode. This means that attacks go through the WAF and they are at best used as log analysis tools after a breach.
“Effectively using AI can help with eliminating or reducing false positives to a bare minimum and encourage more businesses to deploy WAFs in block mode.
“The other problem with security software is letting an attack go through. These are also called false negatives. Using AI on past user behaviour and attack logs can effectively prevent any attacks that don’t conform to typical user behaviour.”
-
“How can you protect your home computer?” (Av. 6,000 yearly global searches)
Similar terms: “Home cyber security” (Av. 7,800 yearly global searches)
By 2025, approximately 22% of workers will work remotely. But with such a significant increase in remote roles, how can employers ensure their employees’ home computers remain protected?
“Remote working means people are working in less secure environments and their devices are more exposed to data breaches both digitally and physically. Many remote workers are using the same device for professional and personal use, or even accessing company data on devices shared with other household members.
“Employers should ensure strong password management, including using automatic password generators that create extra secure passwords, and never duplicate these across accounts. Multi-factor authentication also provides a secure method of verifying your identity, making it harder for hackers to breach any accounts. Limiting what could be accessed on official devices is also important in thwarting attacks.
“That said, installing endpoint security software like antivirus and keeping it updated should be able to protect most computers, unless you fall victim to an advanced phishing attack.”
-
“What percentage of breaches are human error responsible for?” (Av. 1,080 yearly global searches)
Similar terms: “Human error cyber security” (Av. 4,560 yearly global searches)
“According to data by Indusface, 98% of all cyber attacks rely on human error or a form of social engineering. Social engineering breaches leverage human error, emotions and mistakes rather than exploiting technical vulnerabilities. Hackers often use psychological manipulation, which may involve coaxing employees to reveal sensitive information, download malicious software or unknowingly click on harmful links. Unlike traditional cyberattacks that rely on brute force, social engineering requires direct interaction between attacker and victim.
“Given that human error can be a major weak link in cyber security, the best way to prevent these attacks is to put in place education and training on the types of attacks to expect and how to avoid these. That said, implementing a zero-trust architecture, where the request for every resource is vetted against an access policy, will be paramount to stopping attacks from spreading even when a human error results in a breach. Also, make sure that the applications are pen tested for business logic and privilege escalation vulnerabilities so that the damage is minimised.
“Basics such as standard best practices across the board, secure communications, knowing which emails to open, when to raise red flags and exercising extreme caution when accepting offers will go a long way in preventing human errors that lead to breaches.”
-
“What are the top 3 targeted industries for cyber attacks?” (Av. 360 yearly global searches)
Similar terms: “Top industries cyber attack” (Av. 2,040 yearly global searches)
“According to EC University, manufacturing, professional / business and healthcare are the top 3 targeted industries.
“The manufacturing sector leads the world in cybercrime incidents according to Statista (2023). Attacks on the industry range from halting production lines to the theft of intellectual property and compromising the integrity of supply chains.
“The professional, business, and consumer services sector has also become an attractive target for cybercriminals due to its heavy reliance on sensitive data. Confidential client information and business insights are often targeted, leading to significant financial losses and damage to brand reputation and client relationships.
“A breach in the healthcare industry can have dire consequences, from compromising sensitive patient data to disrupting critical medical services. Given the high value of medical records on the black market, there is an urgent need for stronger cybersecurity measures to protect both patient privacy and the integrity of healthcare systems.”
*Global search data taken from AHrefs, correct as of October 2024.
Credit: Indusface