Kaspersky Cybersecurity weekend Part 3: Winning the war through awarenessBy Ryan Noik 10 May 2019 | Categories: Corporate Events
Even as much attention was paid to laying out the cyber threat landscape and demonstrating the vulnerability in IoT devices, like drones, at the recent Kaspersky CyberSecurity weekend, the answer to the threats we face is not to become technology averse.
Rather, the company detailed how the growing threat is better handled by becoming considerably more cybersecurity aware and creating a security conscious culture.
It is a topic that Kaspersky's head of awareness marketing Elena Molchanova elaborated on in depth, both in her presentation and in our subsequent interview with her. She began by pointing out that the weakest link in the cybersecurity chain is neither software nor hardware, but people within companies themselves who are often responsible for the majority of cyber attacks that a company, whether small or large, becomes susceptible to.
Counting the costs
The cost of this vulnerability is staggering. “According to Kaspersky’s statistics, the cost of Bring Your Own Device (BYOD) incidents amounted to $801 000 per enterprise, due to inappropriate sharing of data via mobile devices. Malware infection of BYOD devices cost enterprises an average of $664 000,” she noted. And the pricetag for the physical loss of a device with corporate information on it? Almost half a million dollars ($489 0000 per enterprise).
Add this to the fact that more than a third (35%) of all businesses experienced BYOD related incidents in 2018, and it’s little wonder that 52% of companies regard employees as the biggest threat to corporate cybersecurity.
Molchanova also shared that according to one of its surveys, 60% of employees have confidential data on their corporate device, such as financial data and email databases. And yet, 23% of organisations do not have any cybersecurity rules and policies in place with regards to corporate data storage.
Elena Molchanova, head of awareness marketing at Kaspersky Lab
ASAP - right now
To address this weakest link, the company has launched its cleverly titled Automated Security Awareness Platform (ASAP), which shares the acronym with its usual usage for ‘as soon as possible’. The platform delivers gamified awareness lessons, that lead participants through an array of scenarios they probably will encounter at work and at home. One of the examples given was receiving an email seemingly from one’s bank requesting them to confirm their account details – with the senders email address quickly revealing it was a phishing attempt.
Molchanova explained that the platform has a variety of levels and is intended to help participants gradually increase their cybersecurity awareness, with each module building on the last. She stressed that the aim isn’t just to impart knowledge such as what constitutes a strong password versus a weak one, but rather to inculcate cybersecurity awareness habits so as to foster new behaviour patterns in people at companies.
Skills for today and tomorrow
The basis of the platform is to impart cybersecurity skills by learning-by-doing and repeated reinforcement, while highlighting the relevance of the skills learnt to the participant. Furthermore, the platform can also emulate an employee's workplace situation and behavior, so that the skills learnt can be transferred into a real world environment.
The potential is also there for it to be deployed at schools and universities, with the aim being to teach cybersecurity awareness alongside digital skills, like programming or data analysis.
But, often it’s not digital savvy children, or even those in the workforce who are the most vulnerable targets for cybercriminals. Rather, it is the older generation who have not grown up with technology and to whom interacting with digital platforms is not second nature. What of them?
The most vulnerable among us
Molchanova noted that in many cases, it is the Baby Boomer generation who become the target of financial fraud in particular. Added to this the fact that they are the same generation who tend trust digital correspondence too easily, and get burnt for it. At the event, Kaspersky Lab showed some heartbreaking stories of just this, with some pensioners losing their life savings to fraudsters.
For them, it almost begs for a community centre type environment where retirees and pensioners can gather and learn the basics of cybersecurity awareness, so as to be able to become less vulnerable targets when they are communicating or transacting online.
“The good news is that the retirement age is quite high in developed countries, so even if you are in your late sixties you will most likely be exposed to cybersecurity awareness through your company,” she continued.
Winning through Awareness
Even more good news is that the need for cybersecurity awareness is only growing. Molchanova explained that in years past, her job consisted of convincing companies that they needed cybersecurity awareness programs. Today, she asserted, cybersecurity awareness is the fastest growing sector of IT.
How do you win a war on a foe that doesn’t stop? Kaspersky Lab’s view is by creating a cybersecurity aware culture, where cybercriminals find fewer vulnerable targets, and less entry points, for their schemes moving forward.
Most Read Articles
Have Your Say
What emerging technology holds the greatest potential?