Threat actors will always find bad uses for new technologies, and AI is no exception. Attackers primarily use AI to improve the volume and speed of their attacks. They also use the technology to make phishing communications more believable with good grammar and context-aware personalization.
As cybercriminals use new technologies to improve their operations, it is no longer a matter of “if” an organization will be breached but “when.” It’s no surprise that nearly 90% of organizations have experienced one or more cyber incidents in the past year. When a breach occurs, the numbers are bigger than ever: 63% of managers indicate it took more than a month to recover from an attack, and 53% say the breach cost them more than $1 million in revenue, fines, and other costs.
While a cyber incident is rarely the result of a single cause, security and IT leaders agree that several factors increase the likelihood of a business experiencing a breach, including a lack of general security awareness among employees (56%).
Organizations predictably emphasize security and the role of IT teams in protecting business assets, but an equally important but often overlooked component of risk management is employee cyber awareness. Malware, phishing, and web attacks account for 80% of all attacks throughout the year—these types of attacks all target individual users directly. Employees can act as a strong first line of defense against attacks but only when they are equipped with the right information, which puts cyber security training and awareness on the table.
Managers are concerned that employees will become victims of AI-influenced attacks
According to a recent Fortinet study, more than 80% of organizations have security awareness training programs in place. However, as technologies such as AI become increasingly popular and attackers use them to improve their tactics, managers must ensure that their organization’s cyber awareness programs cover current topics. This is especially important as cybercriminals adopt new technologies and new threats emerge.
Many executives are concerned about the impact of AI on cybercrime, and more than 60% of leaders expect their employees to become victims of attacks when threat actors use AI. This awareness, for the most part, prompts action. Almost all (96%) of those surveyed said their security teams are researching, implementing, or already have incident response programs focused on mitigating AI-related threats. To help employees become more cyber-aware, leaders indicated that preventing phishing has become part of their training programs. Leaders prioritize data security (48%) and privacy (41%) in these programs as well.
Cyber training and awareness programs are critical to risk management
Regular training and awareness are essential to building a culture of cyber awareness. There is no one-size-fits-all approach to cybersecurity awareness and education, and each business must create a program that meets its unique needs. Some organizations have the internal resources needed to create and maintain their own online learning programs, while others choose vendor-created, SaaS-based training programs.
Research shows that 96% of managers believe that more organization-wide training and awareness will help reduce cyberattacks, and an overwhelming majority (89%) say their organization has seen some improvement in its security posture after implementing security awareness and training. This awareness undoubtedly benefits businesses but is also important for employees in their personal lives.
Considerations for a successful cyber awareness and training program
Whether administrators are developing a new online teaching effort or revamping an existing program, there are important factors to consider that will increase the chances of the project being successful.
- Explain the objectives of the program. Leaders often think that introducing a security awareness program will automatically change user behavior, but this is rarely the case. Creating and communicating a plan’s vision is critical to getting buy-in across the company. Employees will be more responsive and enthusiastic about the effort if they understand its goals and how the training will benefit them.
- Identify champions throughout the organization. While the organization’s CISO may lead the effort, identify other leaders throughout the company to serve as program champions. Find ongoing opportunities, such as hands-on meetings, for these people to share their perspective on why the campaign is important.
- Keep updating and refreshing the content. As new technologies and new threats emerge, it is important to periodically review program content to ensure that relevant topics are covered. While all programs should address key areas of concern—such as phishing, social engineering, data privacy, and more—every business will need unique educational materials based on industry- and organization-specific needs.
- Creating a culture of cyber security. Cybercriminals are only scratching the surface when it comes to using technology like AI to their advantage. Security awareness and training programs provide an important way to stay ahead of these adversaries.
As the threat landscape evolves, security and IT teams will increasingly need to work together across the organization to effectively protect the business. Creating a culture of cyber security based on cyber awareness is one of the best—and most effective—defenses against sophisticated attackers and emerging technologies.