Cyber-attacks have always been a concern in the workplace. However, this concern significantly grew since the Coronavirus pandemic hit the world hard, imposing restrictions on movements to fight the disease. Organizations had no choice but to lean towards remote working to keep their operations up and running. This increased the size of the surface attackers could exploit to compromise systems hence the increase in successful cyber-attacks as well. According to a study conducted by Deep Instinct, there was a 653% increase in malicious activity in July 2020 alone as compared to July 2019. A study from Atlas VPN revealed that Google detected an increase of 25% in phishing websites in 2020. In a press release, Deloitte shared that phishing techniques are involved in 91% of cyberattacks and 32% of successful breaches. Despite the stringent rules and policies around cybersecurity in the workplace, cyber-attackers still manage to successfully exploit the human side of individuals.
Professionals rely on several tools and cybersecurity staff awareness training programs to solve the problem. This training also raises awareness amongst employees on cyber risks and advise on the safe way to access resources and do their job. Several companies have adopted this strategy and put significant effort and resources to ensure the efficiency of the cyber awareness training. The Webroot Threat Report of 2020 shared that providing 11 or more training courses to employees for 4 to 6 months decrease the rate of clicking on suspicious links by 65%. The success of this program depends heavily on its consistency and practicability.
Despite the focus put on cybersecurity awareness training, its effectiveness is limited. Most employees remain unaware of cyber threats and how to respond to them. A survey on employee’s cyber habits from TalentLMS and Kenna Security reveals that 69% of respondents have received the training from their employers. They were asked to complete a basic cyber quiz which 61% failed. Most people are still unaware of the implications of cyber threats in the workplace and more recently virtually, with remote working arrangements. Organizations expect an increase in attacks and the development of techniques to compromise systems. Researchers have estimated that by 2025, Cybercrime will cost the world $10.5 Trillion per year. More than affecting organizations and individuals financially, cybercrimes also pose a risk for the safety of people. Compliancy Group reports that 6.5 million patients have been affected by healthcare breaches in the US in May 2021. It is perhaps time to adopt cybersecurity as a culture at an individual level as it was done with basic mathematics or coding.
Professionals agree that coding shapes the mind differently and allow individuals to develop multiple skills such as problem-solving. The U.S. Bureau of Labor Statistics expects that 1.3 million jobs will be opened in the computer and mathematical sectors. The demand has encouraged the actors of the education sector to introduce coding courses in schools. However, the shortage of cybersecurity professionals is alarming. Analysts estimate that around 3.5 millions cybersecurity positions are unfulfilled. Furthermore, among applicants, only a few are qualified for the tasks required by the roles. Developing normalized cybersecurity courses for young people might bridge the gap of cybersecurity unfulfilled roles, achieve acceptable awareness level amongst employees and reduce the negative impact cyberattacks have on organizations and on individuals in general.
Khalimatou is a student in MSc cybersecurity from the National College of Ireland.
