Cyber attacks are a real threat to companies and organisations of all types and sizes. With the use of AI, threat actors are now able to initiate attacks that are both larger in scale and harder to detect. And although many companies are increasing their investments in technical security and reviewing their security procedures, perhaps the most important part of cyber security remains: that all employees are aware of the risks and have a security mindset in their everyday worklife.
– Safety is all about behaviours, says Gustav Berghog. Security is not something you have, it is something you do. Therefore, training that reinforces the right security behaviors is absolutely crucial.
Awareness is needed all year round
The European Cyber Security Month in October is a campaign aimed at creating greater focus and commitment to cyber security. A good initiative, says Gustav Berghog, but far from enough. Raising awareness through a limited-time campaign will not create the long term effects needed to strengthen resistance to the increasing cyber-attacks.
– We need to stop viewing cyber security training as individual events, and instead see it as an ongoing process, says Gustav Berghog. Just because I got a lecture on phishing in October, doesn't mean that I will be paying attention if a phishing email arrives a couple of months later.
Data breaches put companies out of business
The costs of data breaches are huge and rapidly increasing. For small and mid-sized companies it can even lead to complete bankruptcy in the worst cases. Gustav Berghog and Junglemap sometimes encounter the view that smaller companies aren't targets for cyber attacks and therefore do not need to prioritise their cyber security. This is a misconception.
– Today's supply chains mean that all subcontractors become part of the digital vulnerability of larger companies, says Gustav Berghog. Therefore, companies of all sizes must review their cyber security. An important first step is to strengthen your human firewalls.
