Complete News World

Cybersecurity must become a routine

Despite the 17th anniversary of Data Protection Day and the 42nd anniversary of the Data Protection Treaty, personal information remains a popular target for cybercriminals, and it is easy for them to obtain.

Not a day goes by without a company being hacked somewhere in the world and the data of individuals being leaked. With the increasing number of cyber attacks on hospitals, countless patient records sit unprotected on the Internet. Cybersecurity firm Upguard has listed some of the largest of these data breaches on its blog. In all, more than 38 million pieces of information have been stolen from hospitals in the United States alone since 2011. In this country, similar incidents in hospitals recently made headlines in Libby. Despite the increasing, and justified, demands on data protection and data security, the security community is unable to protect sensitive information.

The problem is less a lack of enforcement of regulations than a lack of security awareness among employees. IT security professionals face this while having to manage and secure more and more IT systems and applications. In our SANS 2022 Security Awareness Report, author Lance Spitzner notes that humans have become the number one attack vector for cyber attackers around the world. According to the report, it is no longer technology but people who pose the greatest risk to organizations, and security awareness programs and the professionals who run them are the key to managing these human risks. Security awareness programs empower security teams to effectively manage human risk by changing the way employees think about cybersecurity and helping them demonstrate safe behavior, from the boardroom to the employee.

The following three tips will help security managers when training employees:

  1. Phishing resistance: Phishing is a form of social engineering that uses emails, social media posts, or a direct messaging service to trick users into clicking on malicious links, so that they unintentionally reveal personal information or download an infected attachment. The rise of digital networks has increased exposure to this type of hacking technique. Security awareness trainers should provide courses on how to recognize phishing. Especially at a time when AI and chatbots are helping cybercriminals, this measure is perhaps the most important of all.
  2. Password hygiene: On average, two out of five people have had their digital identities stolen, passwords misused, or sensitive information exposed because they used duplicate or weak passwords. Training on password hygiene is therefore more than appropriate and should be an integral part of any security awareness training. Participants are shown how to create secure passwords rather than making only minimal changes for each service.
  3. Device locks: Digital devices such as smartphones and tablets have become an important part of everyday life, which means that there are more points of attack for malicious actors than in years past. When users lock their devices and keep software updated, it becomes more difficult for attackers to hack into these devices.

Anne Leeson, Director of Business Development at the SANS Institute,