Real-World Examples of Cybersecurity Nightmares That Could Have Been Avoided – Part 3

Security and compliance awareness training transforms a company’s greatest security risk, its people, into its greatest defensive asset. When companies empower their employees through security awareness training, they gain a host of unbeatable benefits like reduced security costs, increased compliance, and a big edge against cyberattacks. Across this three-part series, each scenario offers a concrete example of the cyber dangers that organizations are facing today and the consequences of failing to prepare employees to handle them.

Scenario #3: A Human Error Calamity

Employees are human, and human beings make mistakes. While those mistakes are sometimes just unfortunate problems, more often than not employees make bad choices when it comes to security because they just don’t know any better, like entering their password on a phishing site or falling for social engineering tricks. Employee mistakes, whether they stem from carelessness or simple ignorance, cause over 60% of security incidents.

Here’s how an employee mistake incident like this might unfold for a business: 

An employee receives an email telling them that they need to change their password for Office 365. The email contains a link to help them do it. The unsuspecting employee clicks on the link, which goes to a web page that looks legitimate to them — it has Microsoft’s logo and everything. The employee then enters their password and chooses a new one. However, the email prompting the password change as well as the web page are fake, and the employee just gave their login credentials to cybercriminals. 

What might happen if an employee action at my company causes this security failure? 

Any or all of the following security nightmares could unfold: 

  • The bad guys snatch an employee’s or privileged user’s credentials.
  • Someone sends an unauthorized person a sensitive file. 
  • Company systems become infected with malware like ransomware. 
  • Cybercriminals gain access to proprietary information or protected data. 
  • Bad actors take over an employee user account. 

Possible Outcomes 

One employee mistake can kick off a chain of events that ends in a disaster. 

  • Bad actors use stolen login credentials to deploy ransomware or otherwise harm the victim company. Almost 30% of untrained users in a social engineering study fell for phishing lures that enticed them to click on malicious links, download suspicious files and email attachments, enter their credentials at a fake site and even correspond with cybercriminals. 
  • Cybercriminals are able to steal data from the employee’s company — 95% of data breaches are caused by people making mistakes. 
  • Bad actors access or obtain protected data, resulting in the company incurring a large penalty and the potential loss of a contract. 
  • The victim’s employer must now begin an incident investigation and response. About 60% of organizations say employee-involved security incidents have become more frequent.  

How does security awareness training help? 

  • Security awareness training improves overall password security by as much as 50%. 
  • Security awareness training reduces the costs that companies incur because of phishing, like lost productivity and incident response, by more than 50%.

Security and Compliance Awareness Training is Easy and Affordable

With risks like these around every corner, it’s easy to see why every company needs to make a powerful defense against phishing a top priority to avoid joining the ranks of the 60% of businesses that fold in the wake of a cyberattack. Interactive Security’s security awareness training platform answers that call.

Our security awareness training solution is packed with features that make the training process efficient, effective, and easy. 

  • Preloaded phishing kits help employees learn to spot and resist the phishing lures or scenarios they face every day. 
  • Video lessons on subjects like ransomware, compliance, password safety, security hygiene and more give every employee a solid grounding in cybersecurity best practices. 
  • We add 4 new videos a month in 7 languages to make sure that your users are trained on the risks and compliance requirements that they’re facing right now! 
  • Automate training delivery, testing, and reporting. 

Emory Vandiver

Emory Vandiver is the Vice President of Business Operations and a Partner at Interactive Security, where he is responsible for executing the company's strategy as a premier IT Security and Compliance provider. For over 20 years Emory has worked for leading enterprises across a diverse cross section of the information technology industry. His professional passion lies in understanding client business goals, challenging the status quo and leveraging technology-based solutions to maximize client performance. He strives to bring unique insight and value to his clients' businesses, along with a superior customer experience.