https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

Security


Question Mark

Ask a Security Expert: ‘When End-User Security Awareness Fails, What’s Next?’

  • Written by Gary Hayslip
  • September 7, 2018
Our latest ask an expert deals with the biggest weakness in most customers — their people.

According to Gareth Brown, director of business IT security and support firm Sytec, this is one of the most common questions he receives from clients. Unfortunately, he has a good point. Employees are going to click on things they shouldn’t — despite what businesses do to prevent it. However, it’s important to remember that humans cause these issues because of simple curiosity, thus presenting the need for continuous training to override human nature. 

Cybercriminals target businesses through their end users, often using user information as shared on social networks and other locations online to gain their trust. When end users unwittingly click phishing links, open malware attachments, or give up credentials and other sensitive information online, cybercriminals can bypass existing layers of security to successfully breach organizations’ networks.

According to the Verizon 2018 Data Breach Investigations Report, “companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasizing the need for ongoing employee cybersecurity education.” Although end users are an organization’s first line of defense, it’s clear there is still a long way to go.

Security Awareness: Crucial, But No Silver Bullet

In today’s business world, end-user security awareness – while not foolproof – is critical in bolstering a company’s overall security posture. Cybersecurity safety habits should not be considered common knowledge, and businesses should work to make sure their employees, from top-level executives down to new hires and temps, receive the proper training, arming them with the tools needed to recognize potential threats before any damage is done.

According to a recent survey of small and midsize businesses, 79 percent of IT decision-makers globally don’t believe their companies are completely prepared to protect against cyber threats. There may be several reasons for this number, but one could be the level of attention to education that organizations provide. While nearly all organizations provide some level of security training (nearly 100 percent), only 39 percent continuously train employees on best practices for cybersecurity throughout the duration of employment. Further, 36 percent train employees only once, either during on-boarding or after a security breach takes place.

Unfortunately, modern attacks are designed to prey on human nature. Say, for example, you work with a company that has implemented a new security-awareness program, has provided resources to help employees recognize and better navigate potential risks, and you have full support from upper management. Even with all of the odds in your favor, you might still fall victim to a basic phishing threat sent to an unsuspecting employee who was caught off guard.

Organizations that tend toward proactivity, rather than reactivity, will do best in the face of a data breach.

In order to be ready for the next attack, work with customers to develop a breach response plan that includes the following elements:

  • A process to identify all critical data required for business operations.
  • A way to ensure critical data is backed up offsite in an appropriate location.
  • A communications plan for those that will manage the incident response and business-continuity process.
  • Training for those individuals using the plan so everyone knows their roles and responsibilities when bringing operations back online.
  • Identification of a secondary site, whether physical or cloud-based, to run business until the breach is settled.
  • A plan to hold after-action meetings to review the breach and the actions taken to resolve any issues and improve the team’s performance.

In addition to having a solid response plan in place in case of an attack, there are proactive steps organizations can take to be sure they are ready to handle what happens when awareness training fails. Cybercriminals are more sophisticated than ever, and social attacks like phishing are at the top of their list. To combat these attacks, neither security technology nor awareness training is enough.

In my experience, a key formula for success includes:

  • Annual security-awareness training.
  • Quarterly updates, blogs and lunch-and-learns to keep training fresh.
  • Employment of security technologies to stop malware and block malicious sites and URLs.
  • Anti-phishing training, which allows security teams to send fake phishes to train staff, to help reduce the impact of the most used cybercriminal tool to gain a foothold into organizations.

MSPs and security teams must always account for human nature; however, with the right processes and technologies in place, businesses can become resilient to these attack techniques and more successfully safeguard their data.

Gary Hayslip is responsible for the development and implementation of all information security strategies, including Webroot’s security standards, procedures and internal controls. As CISO, he also contributes to product strategy to guide the efficacy of the Webroot security portfolio.

 

Tags: Agents Cloud Service Providers MSPs VARs/SIs Best Practices Cloud Data Centers Security Strategy

Most Recent


  • Momentum
    Microsoft Security Now $20 Billion Business with 'Tremendous Momentum'
    One analyst says there's few legitimate obstacles in its path for further growth.
  • Intelisys Pre-AMP'd Marketing Forum
    Intelisys, Suppliers, Agents Take Aim at the Partner Marketing Gap
    Marketing is historically a second thought for the sales-focused world of technology advisors.
  • Layoffs
    IBM and SAP Are the Latest to Announce Layoffs, SAP to Shop Qualtrics
    IBM Will Cut 3,900 employees, while SAP plans to eliminate 3,000 jobs.
  • 2023 Opportunities
    There Are Plenty of New Opportunities for MSPs in 2023
    Partnership is key, along with automating data protection and cloud optimization technologies.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • White House
    White House Urges Companies to Take Ransomware Attacks More Seriously
  • Security shield on digital background
    VMware Security Connect Focused on Redefining Security, Increasing Threats
  • Fortune 500 2021 logo
    AT&T, Microsoft, Verizon, More Tech, Telco Companies Make Latest Fortune 500
  • SDN
    Windstream Rolls Out Enhancements for VMware-Powered SD-WAN

Upcoming Events

View all

Channel Partners Conference & Expo

May 1, 2023 - May 4, 2023

Channel Partners Europe

June 13, 2023 - June 14, 2023

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Galleries

View all

Intelisys, Suppliers, Agents Take Aim at the Partner Marketing Gap

January 26, 2023

Ivanti: Everyone Should be Concerned About ChatGPT and Cybersecurity

January 25, 2023

Microsoft Earnings: Azure, Other Cloud Services Contribute 31% Growth

January 24, 2023

Industry Perspectives

View all

Make the Most of the Gift of Time in 2023

January 25, 2023

Strong Partnerships Ease Challenging UPS Upgrade

January 24, 2023

The Advantages of Managed Networking and Security During Economic Uncertainty

January 5, 2023

Webinars

View all

Next-Generation MSP Platform: The Building Blocks for Your Business

February 15, 2023

Security Secrets of the MSP 501: How to Be a Cyber Leader in 2023

December 15, 2022
  • 1

Cybersecurity Certifications: Their Evolving Role in the Fight Against Increasing Attacks

December 13, 2022

White Papers

View all

Overcoming Your Endpoint Security Limitations with a Skeleton Crew

October 25, 2022

Embracing the Zero Trust Mindset For Endpoints

October 24, 2022

Endpoints are the Destination

October 24, 2022

Channel Futures TV

View all

Coffee with Craig and James Episode 117: Cato Networks, Video Killed the Podcast Stars

Retired Astronaut Capt. Scott Kelly Previews His CP Expo Keynote

December 21, 2022

Fusion Connect Eyes Future with Intrado UC, Managed Network Customers

September 23, 2022

RingCentral Focused on Hybrid Work, Microsoft Teams, Other Integrations

September 23, 2022

Twitter

ChannelFutures

.@msftsecurity surpasses $20 billion in annual revenue, analysts say it's a formidable #cybersecurity market conten… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

The adoption of cloud-based services ☁️ has spiked in the last few years and is among the top growth segments. See… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

[email protected], @NICECXone, @lumencpp, @CiscoPartners joined @IntelisysCorp and partners for a day of marketing worksho… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

.@IBM and @SAP announce #layoffs of thousands of employees dlvr.it/ShV2VY https://t.co/7QK1YqVpwa

January 26, 2023
ChannelFutures

#MSPs can boost #Channel business if they personalize the #DigitalExperience for partners, says @AvePoint.… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

Consider mental health in the context of DE&I. Create safe spaces where employees can feel comfortable being who th… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

.@GoIvanti's CSO says #ChatGPT poses numerous cybersecurity concerns. dlvr.it/ShRmdt https://t.co/n22RZ4PZaO

January 25, 2023
ChannelFutures

.@ConnectWise losing Craig Fulton after 16 years. #MSPs dlvr.it/ShRRxg https://t.co/KaAVH8gRYs

January 25, 2023

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X