95% of cyber crime happens just because of a lack of user awareness

What is Cyber crime?

 Cyber crime, or computer-oriented crime, is a crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Cyber crimes can be defined as: "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (networks including chat rooms, emails, notice boards and groups) and mobile phones (Bluetooth/SMS/MMS)". Cybercrime may threaten a person or a nation's security and financial health.[4] Issues surrounding these types of crimes have become high-profile, particularly those surrounding hacking, copyright infringement, unwarranted mass-surveillance, child pornography, and child grooming.

Common methods of Cyber Crime


1. Phishing
2. Malware
3. Identity Theft


Nick Santora of Curricula, a security awareness training company, offered some advice to help security leaders make training accessible, entertaining and effective. He also discussed how education can reduce the frequency and impact of cyberattacks. 

Why is cybercrime awareness education the best way to prevent future attacks?

According to a past IBM Cyber Security Intelligence Index report, 95 percent of security breaches are caused by human error. With stats like this, it’s hard to ignore the fact that there may be more to cybersecurity beyond the firewalls, antivirus, appliances and other tools used to protect businesses from cyberattacks. Humans play an integral part in an organization’s cybersecurity program, and we need to realize that humans will continue to become one of our biggest risks to our organizations. Our goal is to make people our biggest asset.

We can do this by making education a priority. From the boardroom down to the water cooler, cybersecurity needs to be a topic that we are all familiar with. Ignoring cybersecurity, especially at the leadership level, would be like saying, “I don’t know how to read.” Cybersecurity is an integral part of business operations and must be openly discussed throughout the organization. Leadership must understand that education about cybersecurity applies to everyone in the organization and is not just left to the IT or security staff to understand.

How can training make a difference in preventing cyber intrusions?

Santora: All it takes is a simple phishing attack or a curious employee to be the difference between a successful attack or not. Hackers use so many different attack vectors to bait employees. They use everything from free offers to steal account credentials to targeted phishing emails that look just like everyday business emails.

It doesn’t stop there: Leaking important data outside of the organization, removable media that is infected and even physical security are all part of the picture. Each employee plays an important role in the organization in defending against cyberthreats. It is important that your employees know the role they have in the organization and what they can do to help prevent a cyberattack.

What methods are companies currently using to train employees? Are they effective?

We know that cyber security knowledge is essential, so what is the challenge to educate employees so the training is actually effective? Let’s start with what most current security awareness training looks like and where the challenges are.

Most organizations treat security training as a check-the-box type of activity. Security training is bunched together into a half-hour, death-by-PowerPoint presentation right when an employee joins the company. This is alongside dozens of other pieces of HR paperwork for the employee to complete. Right away, security is seen almost as a roadblock rather than an integral part of their jobs. The sad part is that this employee may never get another piece of security awareness training again, or if they do, it comes in December, along with all of the other HR paperwork that needs to be done.

So separating security training from the more general onboarding information onslaught can make it stand out?

Employees need to connect to the information in a way that is relatable to their personal lives. Most security training is put together either by HR or a team of lawyers, which makes it sound very corporate and not really identifiable from the employee’s perspective. What happens is, although the intent is great, employees cannot recall information that is thousands of words on a screen in legal language. They cannot connect with the information they are being told in a way that is personable and makes sense. They become overwhelmed with slides, images that are copied from a Google search and lengthy words on a screen.

So that brings me to content. Believe me — your employees don’t want to read a book about cybersecurity. They want to understand the basic principles and how it applies to them. Security awareness should be fun — not another boring training session that is to be forgotten just hours later.

Is there a best practice to get the message to employees that’s different from the standard jargon-based documentation?

In order to create great content, think about how marketing agencies deliver their message. They spend a significant amount of time on the message they are trying to deliver to their audience and make it as concise as possible. This is the same effort you should be doing in your security training. You also need to supplement that message with attractive graphics, videos, images and anything else that can grab the employee’s attention. This is not easy, and requires a team of dedicated designers, communicators and, most importantly, experts that know what message to deliver.

2 comments:

  1. Creative Web Studio - The Cyber Defense Company, as a certified company, offers solution-oriented and up-to-date ICT services for SMEs. Main focus: cloud, IT security and IT.
    The Cyber Defense Company

  2. I really liked it very much for providing the different info in this blog. I am really thankful to visit the nice info in this blog and using the great service in this blog.
    security awareness training

