October 08, 2024 | Cyber Security | Jenni Ramminger

Informed and Motivated Employees Are Your First Line of Defense Against Cybercrime


While cyberattacks caused by sophisticated cybercriminals and the advent of artificial intelligence (AI) make headline news, human error continues to drive most cyber events. According to Harvard Business Review (HBR), more than 80% of cyber incidents are attributed to end-user error. The worldwide cost of cybercrime was estimated at $10 trillion in 2023 and is expected to more than double in the next four years.

In addition, a 2022 study by Stanford University found that 90% of ransomware attacks originated through phishing emails to employees, according to an article by Maria Long, Vice President, Cyber Underwriter & Risk Management Portfolio Leader at Munich Re Specialty. And while most companies have beefed up their security controls to mitigate phishing incidents, employee education and training fall short. The same Stanford University study indicates that, even with increased cybersecurity budgets, less than 3% of these budgets are allocated to the human factor.

Phishing refers to fraudulent emails that fool users into exposing personal information or downloading malware. Cybercriminals are now deploying generative AI, deepfake technology, and CFO spoofing to craft personalized and convincing messages. They can use AI algorithms to collect and analyze data from social media, websites, and other sources to imitate legitimate communication styles and content. This makes it more challenging to distinguish genuine messages from fraudulent ones.

Phishing incidents result in financial losses, reputational damage, business disruption, and loss of clientele and potential business opportunities.

Prioritize Internal Phishing Awareness and Training

As the operations of logistics service providers continue to become increasingly digitized and intricate, ongoing security awareness and training, along with multi-layered security protocols, are critical components in any cybersecurity plan to mitigate and combat ongoing threats. Cyber education and training should be part of the company’s culture, which starts with top management. “Leadership must understand the implications of phishing attacks and the benefits of a strong cyber training and awareness program – integrating and aligning the ‘why’ with the mission and values of the organization,” says Long.

According to the National Institute of Standards and Technology (NIST), employees should view quality cybersecurity practices as good business and part of “how we do business here.”

A phishing awareness and training program should include the following topics:

  • Typical phishing attack patterns
  • Common cybercriminal strategies
  • Typical phishing message characteristics (for example, the email may ask for confidential data or information, use a different domain, have links outside of the main domain, use incorrect spelling and grammar)
  • The intent of the attacker and examples of successful outcomes
  • Tips to avoid scam emails
  • How to properly report phishing campaigns to both the IT team and authorities

Once the phishing awareness and training program is complete, it’s essential to test the knowledge of all employees. There are companies that provide a variety of real-world phishing examples, ask employees to identify risky messages, and offer steps to take in the event they receive such a message.

Training should also include regular, unannounced phishing simulations to help pinpoint weak spots and keep cybersecurity top of mind among the staff. These tests may consist of emails, text messages, or voicemails sent and monitored by the IT staff. Individuals who click on a link, download a file, or respond to a message may be led to appropriate training sites to help them improve their cybersecurity awareness and abilities. The team can also use the outcomes of such activities to improve training materials or design specialized courses on specific critical topics.

In addition, as more and more novel social engineering schemes are deployed, ensure training materials are routinely refreshed to cover these latest threats and address advances in social engineering.

Ongoing training is intended to empower employees to maintain good cyber hygiene, make good decisions, and feel that cybersecurity is their responsibility. As Long puts it, employee training builds a ‘human firewall’ in defending against cyberattacks.

Invest in Cyber Insurance

Cybercriminals are relentless, and even the most buttoned-up security and training can fail to prevent a breach. Cyber insurance provides logistics service providers with coverage to weather the financial impact of a cyberattack. A policy can be designed to offer an integrated solution that helps pay the costs for the following:

  • Data loss and restoration
  • Data incident response, including notification expenses, crisis management, and public relations
  • Forensic fees
  • Legal expenses
  • Third-party liability
  • Business interruption
  • Loss of income as a result of the attack
  • Extortion and ransomware payments
  • Payments for fraudulent wire transfers

Protect Your Business with a Proactive Cybersecurity Strategy

Don’t wait for a cyberattack to expose your vulnerabilities. Empower your employees with comprehensive training, integrate advanced security protocols, and ensure you have the right cyber insurance in place.

Contact us today to discuss your cyber insurance options and safeguard your business.

 

Disclaimer: This information is provided as a public service and for discussion of the subject in general. It is not to be construed as legal advice. Readers are urged to seek professional guidance from appropriate parties on all matters mentioned herein.
