At the forefront of cyber security and in the face of growing cyber threats, software security company Cyber Risk Aware (CRA) has recently been awarded the highest level of training accreditation from the industry by the Chartered Institute of Information Security Professionals (CIISec).
CRA offers a variety of cybercrime protective services such as running simulated phishing attacks and undertaking cyber knowledge assessments to determine where the risks lie in a business – the user, department, office, or country.
To boost the efficiency of this service, CRA also provides training and reporting so that companies can meet their legal and regulatory compliance requirements in protecting data, systems and finances.
Stephen Burke, co-founder of CRA, explained: “It is a well-known fact that over 90% of data breaches and other security incidents are caused by human error. Accredited training is the first step to combating this.
“Education is most important and it is something that needs to happen across every level of the business. We are proud to be the first company to receive accreditation since the award of Royal Chartered Status of CIISec status.”
Katie Watson, accreditation administrator at CIISec, explained: “With the rapid growth of cyber threats it has never been more important to ensure that information security professionals are fully equipped to help the employees within their organisations to defend business and society from these threats. We are delighted to be working with CRA to raise standards of professionalism within the industry and ultimately protect businesses and government organisations against high level cyber threats.”
Formed in 2006, CIISec is a UK-based information security institution that aims to help individuals and organisations develop capability and competency.
With Royal Charter status, the organisation works to promote the growth of talent for government and businesses alike, providing certifications that require participants to provide evidence of performing the required skills in the real world rather than merely accrediting on knowledge alone.
In an interview with ITProPortal, Burke stressed that: “Security awareness comes at an expense in both cost and delivery as organisations are required to take employees away from their day jobs. With time being of the essence in business, there is no sense making an employee complete a course on passwords when they’re already aware of how to safely create and store strong passwords.
“Looking forward, network monitoring can be integrated into cyber security awareness solutions and used to send individuals tailored training courses in response to risky activity they've undertaken on the network. ‘Just in time' training or real-time intervention awareness, can detect risky behaviour and flag required training to an employee instantly. This makes the bite-size course fully contextualised and in real-time, so an employee can see what they’ve done wrong and then how to avoid this risky activity in the future.”
The cost of innovation is cyber security
The financial services sector has seen its fair share of cyber-crime over the years, with cyber-attacks costing financial firms an increasing amount to manage, and it appears to be getting worse with the average number of breaches per company tripling from 40 in 2012, to 125 in 2017.
According to a recent report from Accenture entitled “The Cost of Cybercrime 2019”, some 80% of organisations are introducing digitally-fuelled innovation faster than they can secure it against cyber-attackers.
Furthermore, many executives polled in the Accenture 2018 State of Cyber Resilience survey identified the accidental publication of confidential information by employees as having the greatest impact. Human error then, is the primary risk to an organisation’s security, making cyber security training a major priority for businesses.
Perhaps unsurprisingly, the banking sector has seen the largest amount of cyber-crime over the past two years, spending on average $18.37 million in 2018, a rise of $1.82 million (10.4%) from 2017 where it spent an average of $16.55 million.
Coming at slightly less than the banking sector, the automotive industry spent on average $15.78 million on preventing and repairing cybercrime in 2017, a rise of $5.08 million (38.3%) from 2017 where it spent an average of $10.70 million.
Percentage of expenditure by internal activity
Average annual cost of cybercrime by consequence of the attack
(2018 total = US$13.0 million)