Plant.ca

Why investing in online training is not enough to avoid a cyberthreat

To suggest cyberthreats are new would be naive.

December 10, 2021   by Shawn Casemore


Every day, there are increasing numbers of business owners and executives that I meet with who have faced at least one cyberthreat.
In the past, the answer was to look at increasing the frequency of backups and creating stronger firewalls for company servers. The problem is that the cyberterrorists are becoming increasingly brash and strategic in their threats.

It was only a couple of years ago now that I participated in a roundtable discussion with several Canadian manufacturers. During the discussion, three out of the four company presidents had faced a cyberthreat of some kind.

Since what we’ve been doing no longer seems sufficient, I reached out and spoke with Carmine Tiano, President of Manawa Networks, to understand what today’s cybercriminals are up to, and, more importantly, what manufacturing leaders need to be cognizant of.

According to Tiano, “most people think the greatest cyber risks originate from outside their company, but that’s not entirely true. Internal threats pose the greatest risk.”


This didn’t come as a major surprise, considering the number of clients I’m working with who have me complete their now-standard “KnowBe4” training, an online, skills-based learning platform for helping employees become more educated on cyberthreats.

But is investing in online training for your employees enough to overcome increasingly sophisticated cyberthreats?

In my experience, working with sales teams and their leaders, online training can be a good supplement and aid to reinforce face-to-face learnings, but is typically insufficient to ensure an effective transfer of skills.


It’s akin to thinking that you can get your pilot’s licence without ever having stepped foot in an airplane.

When I asked Tiano his thoughts, he shared that phishing is likely the greatest threat any manufacturer faces, and although some phishing training and simulations are a great thing to do, additional controls and measures are strongly encouraged.

The most effective controls he suggests can include:
- Mandatory vacation time that in turn allows others to rotate into their job, ensuring employees don’t operate in a bubble.
- Helping educate employees on less common but increasingly popular cyberthreats, including vishing (voicemail fraud).
- Ensuring executives are aware of the threats associated with whaling (targeting a CEO or executive).
- Adding controls that ensure no one person can transfer money outside the organization without validating the recipient’s identification.

Tiano, who has been working with manufacturers to help them develop a more strategic approach to creating value through their IT infrastructure, shares that some hackers are even going so far as to pay disgruntled employees to co-conspire with them for a portion of the ransom.

Although this may seem far-fetched, it provides insights into just how far these hackers will go to make money and cause chaos.

What can you do?

When it comes to cybersecurity, as with any other risk to your business, taking a combination of both mitigating and contingent actions is key to ensuring the threat is minimized.

Some training might be a good start, but it’s not enough.

Only by introducing a combination of training, controls, and additional measures can manufacturers protect themselves, their shareholders, and customers from outside threats.
__________________
Shawn Casemore helps companies accelerate their growth. To learn more, visit his web site at www.shawncasemore.com.