The more you know, the less likely you are to be a victim of cybercrime

Security awareness and user education are the most effective tools for avoiding the rising costs of cybercrime

Cybercrime is more costly than most organizations realize, and those costs are continuing to rise. The cost per victim has increased 50 percent, and the total cost of cybercrime is a staggering $113 billion--with a "B." One way to avoid becoming a victim of cybercrime is to make sure users are trained to recognize potential threats.


A cybercrime attack impacts a company in three ways. There is the cost of the attack itself, including any money or data that is stolen, as well as the cost of eradicating the threat and cleaning up after the incident is discovered. There is the effect the attack has on the brand reputation and credibility, resulting in a decline in business in general. And, finally, there is the potential cost of lawsuits from those affected by information compromised in a data breach.

Symantec conducts an annual study of consumer online behavior, attitudes, and security habits, and their relation to online dangers and the financial cost of cybercrime. The 2013 Norton Report found that the number of cybercrime victims has declined, but that the average cost per incident and the overall cost globally both went up. To summarize, your chances of being a victim of cybercrime have decreased slightly, but the impact of being a victim of cybercrime has gone up substantially.

When you combine that with other findings from the Norton Report, it gets a bit scarier. Symantec found that 63 percent of those surveyed have smartphones, and 30 percent have tablets--but half of them don't use basic security precautions like setting a PIN or password of some sort. On top of that, nearly half of the respondents use their personal devices--laptops, smartphones, and tablets--for business purposes as well, so those poor security practices are putting sensitive business data at risk.

There are a lot of things companies can do to defend against malware and cybercrime, but the reality is that there is no absolutely impenetrable defense. Security is a game of risk management. The goal is not to create an invulnerable network--the goal is to make a successful attack more challenging and more costly for attackers.


One of the most effective ways to do that is through education and security awareness. No matter how great your security tools are, the human beings using the devices, typing on the keyboard, and clicking the mouse are the weakest link. User error can torpedo even the best defense.

Stu Sjouwerman, founder of KnowBe4, believes that the most effective form of defense is a persistent user awareness program. Many organizations pay lip service to user awareness, but Sjouwerman promotes a more aggressive program that includes periodically testing users by exposing them to fake threats, both to identify weaknesses and to focus additional training so that users are aware of those attack vectors.

Sjouwerman obviously has a biased self-interest in promoting security training, since that is what KnowBe4 does. However, KnowBe4's role as a provider of security training, and its work with infamous hacker Kevin Mitnick, also give Sjouwerman a unique view of and appreciation for the value of training users to recognize and avoid threats.

The simple fact is that cybercrime is costly, and it is continuing to get more expensive over time. Companies need to invest in effective security tools to identify and block threats, but the users are the weak link, and there is no substitute for making sure employees are trained to understand and recognize cyber attacks.


Stories by Tony Bradley
