Fortifying your frontline is vital to keeping your business safe from emerging cyber threats. Read on to learn about the importance of cybersecurity awareness in the workplace and how you can deliver training to turn your weakest link into your strongest asset.
Employees are your organization’s first line of defense, and training your employees on cybersecurity is key to bolstering your cyber defenses.
At a time when the volume and complexity of cybersecurity threats are increasing by orders of magnitude, and are expected to cost $6 trillion per year, the onus is on businesses to proactively educate employees on what’s happening and how to keep safe.
Handbooks containing cybersecurity best practices are a valuable point of reference for employees, but an even better way to learn is through practice. And the safest way to practice is in a virtual environment isolated from your critical systems.
A false sense of security
Many organizations still operate under a false sense of security, thinking a breach is unlikely because they have anti-virus and anti-malware software running in the background.
However, this ‘set and forget’ approach to cybersecurity has proven to be ineffective at eradicating lingering threats and preventing sophisticated attacks. It also doesn’t take into account that security breaches can occur in many different ways, including stolen passwords, device theft, and human error.
In fact, more often than you think, the human is the weakest link. Whether it’s due to habitual information-sharing or limited knowledge of cybersecurity best practices, employees can make mistakes that compromise your infrastructure. For example, they could accidentally forward sensitive information on a private email chain to a third party, forget to keep confidential documents on your corporate server, or unknowingly click on malicious links.
Given employees have played such a significant role in cyberattacks recently – 34% of these attacks involved staff in 2018 – it’s particularly important they’re aware of current and emerging threats. For example, thousands of scam and malware sites related to COVID-19 are being created automatically every day targeting remote workers.
Then there was the ransomware worm WannaCry, which spread like wildfire in 2017, costing thousands of organizations in over 150 countries billions of dollars, by some estimates.
IoT is a land of opportunity for hackers
It’s also important to keep in mind that the attack surface is continuously expanding along with the Internet of Things. In fact, there are expected to be 75.44 billion internet-connected devices worldwide by 2025, a fivefold increase from 2015.
Given IoT has delivered measurable improvements in productivity, supply chain efficiency, data and asset utilization and operational costs, it’s no wonder that it’s made its way into nearly every vertical industry to support business processes.
The challenge, however, is that IoT devices are often manufactured with little oversight or regulatory control. They’re Wi-Fi- and Bluetooth-enabled, so purposely designed to connect instantly and transmit information. This means threats like malware can spread from system to system rapidly with no human interaction.
This was seen in October 2016 with the arrival of the Mirai botnet. It exploited hundreds of thousands of vulnerable IoT devices (e.g. smart fridges, lights and TVs) to overwhelm Dyn’s servers and bring down sites like PayPal, Spotify and Twitter.
Given the capability, speed and scale of these types of threats, it’s critical your employees understand the risks of connecting unsecured IoT devices to your corporate network and follow cyber hygiene best practices.
Turn your weakest link into your strongest asset
The key to protecting your organization from threats over the long term is creating a culture of security. A good way to achieve this is by providing regular hands-on cybersecurity training so your employees are aware of their role in keeping your business safe. As Tim Ferriss says, culture is “what happens when people are left to their own devices”.
Motivating employees to participate in cybersecurity training can be difficult. However, hands-on learning can break through the many barriers of distraction and empower your staff to absorb, retain and apply knowledge more effectively. The next challenge is delivering practical training in a secure, virtual environment, away from your critical systems.
This is why isolated IT labs are in such high demand. Organizations are already putting them to good use, increasing the volume of security training and malware remediation activities.
With the VMware Learning Platform (VLP), you can set up virtual training labs – isolated from your business systems – where employees learn what threats look like and the steps they need to follow to mitigate risks. They get to access feature-rich training with just an internet connection – no installers or plugins.
To boost knowledge retention, you can implement gamification techniques into your cybersecurity training courses. Challenge your employees to navigate real-world scenarios in simulated environments and reward them for taking the right steps.
Using VLP, you can enjoy the flexibility of choosing to extend your own cloud infrastructure or use a hybrid model with VMware to host your training environments. You also get to access real-time statistics, historical data and detailed reports about your staff’s progress.
If you have an existing security training plan in your Learning Management System, you can even integrate with VLP using the Learning Tools Interoperability (LTI) feature to provide a hands-on experience.
Delivering cybersecurity training in a virtual environment means it’s accessible from any device and location, and requires less infrastructure and other resources to sustain – making it a worthwhile initiative to create a strong culture of security.
Learn how the VMware Learning Platform can help you deliver hands-on cybersecurity training in isolated IT labs to anyone on the planet, at cloud scale.