http://smallbusiness.co.uk/businesses-fail-hacking-test-2538562/
Middle market businesses fail ethical hacking test
This article talks about the following: Upskilling the employees on Cyber Threats and Data Prevention has been a huge challenge for organizations. It is said that more than 40% organizations are subject to Cyber Threats. The hacking experiment conducted by RSM on middle market companies in revealed shocking results. The company sent out 200 spam emails to employees and within minutes, 16% of the employees in those organizations clicked on those emails, a figure that rose to 35% in a short time. Ignorance and carelessness to such outside emails has resulted in this and employees are becoming increasingly vulnerable to cyber-attacks by hackers. These companies have been encouraged to protect themselves against common Cyber-attacks such as Phishing, Whaling, Ransomware, etc.
It will be interesting to see how things unfold in the future. What measures has RSM implemented to ensure employees adhere to common Cyber threats? Will these due-diligence steps be rigorously followed by these employees? Do organizations have the necessary systems and processes in place to change their existing Cyber systems? The answer to these questions will only reveal the efficiency of implementation of Cyber Security Measures.
Hi Donald,
I always find these articles to be a good read because it demonstrates how organizations and individuals are still quite ignorant to cyber security, Regarding the spoof emails, 16% of employees responded in minutes with 35% by the end of the day. This is a very high percentage and whichever organization this is, they need to implement some type of cyber training. I believe all organizations should implement a training that is mandatory for employees to take (required to stay compliant). Maybe the organization should test their own employees like sending their own spoof emails. There should be some type of penalty process in place based on each time the employee fails the cyber test.
It definitely concerned me that 1 in 5 companies suffer a cyber attack, yet take no initiative to prevent future attacks. The results of cyber attacks are expensive and can be more expensive to a small or middle-sized firm compared to a large organization. Cyber attacks are always broadcasted on TV and online, so to think there are still organization not taking any action is ridiculous. The mentality “It will not happen to me” needs to be removed because a successful attack or an attempt can happen to any organization or individual.