Real-World Examples of Cybersecurity Nightmares That Could Have Been Avoided – Part 1

Security and compliance awareness training transforms a company’s greatest security risk — its people — into its greatest defensive asset. When companies empower their employees through security awareness training, they gain a host of unbeatable benefits like reduced security costs, increased compliance, and a big edge against cyberattacks. Throughout this three-part series, each scenario offers a concrete example of the cyber dangers that organizations are facing today and the consequences of failing to prepare employees to handle them.

Scenario #1: A Ransomware Nightmare 

A ransomware attack takes place every 11 seconds, and no business is safe from this menace. The most likely tool cybercriminals use to launch ransomware attacks is a phishing email — and if employees aren’t aware of what to be on the lookout for, it could spell disaster.

Here’s how an incident like this might unfold: 

An employee checks the messages in their email inbox. They open a message that tells them that they need to fill out some important human resources paperwork right away. Conveniently, the form they need to complete is attached to the email. The employee quickly opens the attachment to take care of it. However, they don’t just download a form — they also download ransomware. About 50% of ransomware attacks target businesses with fewer than 100 employees. 

What might happen if an employee action at my company causes this security failure? 

The cybercriminals perpetrating this attack might use ransomware to do any number of devastating things: 

  • Encrypt the victim company’s data, computers, machines, production line or other business systems, paralyzing their operations. 
  • Steal data, records, employee information, patient files, formulas, blueprints, financial data, customer lists or other proprietary data. 
  • Threaten to damage the victim company by publicizing the attack or releasing information in the stolen data that could cause the victim embarrassment or harm. 
  • Demand payment to provide remedies for these problems — and the average ransom demand is $570,000. 

Possible Outcomes 

Nothing good awaits a business that fails to defend against a ransomware attack.

Possibility: The attacked organization agrees to pay the ransom in a misguided attempt to resume normal business quickly.

  • However, fewer than 60% of companies that pay the ransom when they’ve been hit by a ransomware attack are able to recover even part of their data. In fact, 39% of companies that pay a ransom never see any of their data again. 
  • Paying ransoms may be illegal, and cyber insurance is unlikely to cover the ransom payment. 
  • Experts estimate that 80% of companies that pay the ransom get hit with a second ransomware attack, often within as little as 12 months of the first.

The victim company will most likely experience downtime, potentially losing revenue and business opportunities. Companies impacted by ransomware lose an average of six working days. 

  • An estimated 70% of the damaged company’s employee productivity is lost while the incident is being remediated. 

Regulators pounce because the victim has violated data protection rules, slapping the victim with big penalties that increase data breach costs by an average of $2.3 million.

The company that was successfully attacked experiences reputation damage through bad publicity.

  • Nearly two out of every three consumers would likely avoid doing business with an organization that experienced a cyberattack in the past year. 

How does security awareness training help? 

Trained employees are alert to the danger presented by unexpected messages, even when they’re official sounding. They’re also armed with the skills that they need to take the right actions when faced with a suspicious message, like checking for common red flags that indicate phishing. The knowledge that employees gain from security awareness training improves phishing awareness by an estimated 40%. 

Security and Compliance Awareness Training is Easy and Affordable

With risks like these around every corner, it’s easy to see why every company needs to make a powerful defense against phishing a top priority to avoid joining the ranks of the 60% of businesses that fold in the wake of a cyberattack. Interactive Security’s security awareness training platform answers that call.

Our security awareness training solution is packed with features that make the training process efficient, effective, and easy. 

  • Preloaded phishing kits help employees learn to spot and resist the phishing lures or scenarios they face every day. 
  • Video lessons on subjects like ransomware, compliance, password safety, security hygiene and more give every employee a solid grounding in cybersecurity best practices. 
  • We add 4 new videos a month in 7 languages to make sure that your users are trained on the risks and compliance requirements that they’re facing right now! 
  • Automate training delivery, testing, and reporting. 

Emory Vandiver

Emory Vandiver is the Vice President of Business Operations and a Partner at Interactive Security, where he is responsible for executing the company's strategy as a premier IT Security and Compliance provider. For over 20 years Emory has worked for leading enterprises across a diverse cross section of the information technology industry. His professional passion lies in understanding client business goals, challenging the status quo and leveraging technology-based solutions to maximize client performance. He strives to bring unique insight and value to his clients' businesses, along with a superior customer experience.