Large enterprise, government, financial, healthcare, cloud and small business networks all have something in common. They are under persistent attack. Network security has been elevated to the C-suite. Budget dollars are pouring into new cyber security technologies to keep networks protected and information secure.
One area that is sometimes overlooked, however is training. Most new non-IT knowledge employees are provided with the technology to perform their jobs and rudimentary training on the computers and applications. Does this training cover cyber safe practices for network attached technology? What about personal devices that may have access to the corporate network? Attackers go after the weakest link. Continue on to see how organizations are shoring up the weakest links.
Start with the Most Vulnerable
According to a quote from Mark Nutburn, Group IT Director at British Assessment Bureau, the older generation of workers are the most likely to fall victim to cyber crime. This group of workers, age 40 to 59, cut their teeth working in a mostly paper business environment. They had little exposure to technology growing up. Therefore, unlike younger colleagues, technology in the workplace is a reality with which they have been required to adapt.
It is particularly important that cyber safety training start with this group. Once initial training is provided, ongoing refresher training and updates should also be included. Network technology is changing rapidly. New cyber threats are being discovered daily. Faster network speeds require more complex intrusion protection and traffic monitoring. Keeping all staff, particularly, the less tech-savvy workers up to date on safe practices can actually reduce the burden on physical network protection tools.
Cyber Knowledge is Critical
Small to medium sized organizations are relatively easy targets for attackers. These companies are less likely to have standardized cybersecurity training throughout their organizations and are, therefore, more vulnerable to attacks. Phishing attacks are the most common as they prey on the uninitiated and allow attackers to gain access to credentials that can be used to defeat physical security tools. For example, a phishing attack may entice an unsuspecting worker to click on a link for a valuable coupon thus gaining access to that persons sign in credentials. Sometimes, the suspect emails may come from what appears to be a friend or colleague increasing the credibility of the offer. Knowing when to click and when to delete is a critical skill that requires training and practice, particularly for those who are not tech savvy.
Employee Cybersecurity Training Checklist
Thanks to an enlightening article in SC Newswire, we are passing along the highlights of “Five ways to see if your staff security training actually works.” You can read the full text in the issue dated 21 July 2021 here:
Identify Skills Gaps
Test Your Employees
Analyse the pass and failure rates of tests
Create a compliance culture
The article concludes with an important note. Complacency is the enemy. Even after training and testing, the importance of safe cybersecurity practices must be reinforced constantly.
Support Training with Proper Tools
While employee training is a critical component of sound cybersecurity practice, it must be supported by a technology suite of monitoring and security tools encompassing visibility strategy, intrusion protection and data loss protection.
The foundational elements of a visibility architecture are TAPs and Packet Brokers. TAPs provide save, non-intrusive connectivity to the strategic tools that monitor, analyze and protect your network. Packet Brokers provide many tool management features that provide efficiency and budget relief when developing your network visibility strategy. Newer technology advances such as the Network Critical SmartNA portfolio offer combined TAP and Packet Broker features integrated into a single product lowering CAPEX, saving rack space, reducing power requirements and simplifying management.
Some examples of these cost saving and high efficiency features include:
Port Mapping - Allows traffic to be directed to specific input and output ports where appropriate tools are connected.
Filtering - Allows only relevant traffic to be directed to the right tool at the right time
Aggregation - Allows traffic from multiple links to combined and sent to a tool saving the expense of having to connect all the tools to all the links.
Regeneration - Sends copies of the same set of traffic to multiple tools.
Load Balancing - Evenly divides traffic from a single high speed link to lower speed segments to be sent to legacy tools extending shelf life of existing tools.
Intuitive GUI - Unique Drag-n-Vu GUI does all the hard math in the background and allows deployment and management by simple mouse clicks.
Think Strategic With a Complete Plan
When developing a new network security posture or revising your current plan, it is critical to consider all aspects of cybersecurity from the beginning. Determine your network access policies, acquire the right tools to enforce policies, plan for intelligent tool connectivity early on in the process and develop a culture of continuous training for all employees who will have access to network resources. For more information on visibility strategy contact us.
The best attack mitigation is to avoid being attacked.