RISK: 13% of people still open, click on suspicious emails

Simply ignoring potential threats is only half the battle

Cybersecurity can be a maze of high-tech, cloak-and-dagger moves and counter moves. But some of the most effective ways for an organization to protect itself against expensive and dangerous data breaches are the simplest and cheapest: training and talking.

David Ostertag, global investigations manager for Verizon Enterprise Solutions, which investigates more data breaches every year than any other organization in the world, likened corporate and organizational cybersecurity to simple auto burglary. If your information is secure, you’re less likely to be targeted than someone who’s not as careful.

“A kid will go driveway to driveway, pulling on the car door handles, and they’ll take the loose change from the ones that are unlocked,” said Ostertag, a Chicago-based former police officer, at a round-table cybersecurity discussion in Toronto on Thursday. “If you lock your car, the kid, in most cases, isn’t going to smash your window or jimmy the lock, he’ll go to the next car.”

According to Verizon’s 2016 Data Breach Investigations Report, 13 percent of email recipients click on phishing emails and unwittingly open links that threaten their organization’s cybersecurity. While that number is too high for Ostertag’s liking, and any organization would benefit from seeing it reduced, there is a silver lining.

“Eighty-seven percent of your employees don’t open that email or don’t succumb to that social engineering attack,” Ostertag said. “But we shouldn’t just train our employees to not open that email or not click on that link, we need to train them to report it.”

When employees report suspicious emails, and a diligent IT department follows up, the organization will be far more likely to discern a pattern in their cyber threats and stop them from escalating.

Michele Dupré, Canadian group vice president of Verizon Enterprise Solutions, agreed that simply ignoring potential threats was only half the battle. One company she works with created a reward and recognition program for employees who report suspicious emails, phone calls and other contact. The company’s executives feel the initiative will “definitely pay dividends in the long run,” Dupré said.

Incidences of cyberattacks have increased in the past few years, according to Ostertag, with his company investigating 526 data breaches in 2015, up from 400 in 2014. Hackers, motivated by finances or espionage in 89 percent of cases, were seldom the end users of the stolen information. Rather, it was sold to the highest bidder on the dark web.

Ostertag said he’s seen a “dramatic increase” in the past year in the number of his clients who have cyberattack insurance, meant to bolster their security to prevent a cyberattack, hasten the response if an attack does occur and recoup some of the costs.

Copyright © 2017 Transcontinental Media G.P.