By Russ Levanway, CEO
Action = Reaction
Recent events have tested the resolve of our mission ‘Productivity Enhanced, Lives Enriched’ and we’ve decided to do something about it.
The increasingly relevant upswing of recent cyber attacks culminated last month in what is now known as the largest ransomware attack to date. WannaCry crippled computers worldwide, taking out the UK’s national healthcare system and causing devastating damage. The exploit the attackers used had been stolen from the NSA and published by a hacking group called the Shadow Brokers.
To add insult to injury, the software creators were amateurs who didn’t properly link people’s payments to the encrypted computers, which means most people who paid the ransom never recovered their files.
In the aftermath of this attack, we asked ourselves: What are these attacks if not a threat to TekTegrity’s mission to enhance productivity and enrich lives?
When our clients open an infected email and inadvertently circumvent antivirus security and any other layers of protection we add in, it can bring their network to a standstill. Recovering all the files from backups can take a day or longer depending on the extent of the infection. Work is lost and has to be recreated. The staff has to work overtime to make up for the lost productivity. Money is lost. It’s disruptive to people’s lives and upsets their work-life balance.
Humans succeed where tech fails
Many times here, I’ve talked about how physical security isn’t the end-all, be-all defense; how really, your best and last line of defense is a well-trained, aware and vigilant workforce. I sincerely wish that we as an IT company could install a simple program on your network to prohibit attacks, but, like the fire department, we often have to respond to emergencies and cannot always prevent them.
If we’re going to push back against the assault on our mission, we feel we need a new baseline for that fight – something that trains people more efficiently and builds good habits.
Training your first line of defense
The good news is as hackers employ increasingly sophisticated methods to commit cybercrime, the tools at our disposal to combat cybercrime have also grown increasingly sophisticated. For example, there is a new user training and awareness tool that we piloted with one of our largest clients earlier this year with promising results.
Developed by a world-renowned hacker, the tool combines real life scenarios with lessons aimed at removing the human error element that cybercriminals prey on. Amongst our pilot group, the “fraudulent email” click rate went from 18% to less than 2% after participating in the program.
We all say we want protection and know that investing in training improves the bottom line and enhances our productivity, but in the moment, it feels like more time than we can afford to spend. I get it. However, from our vantage point, we see advanced user training like mandatory antivirus software: it’s too effective and critical to opt-out. We have witnessed first-hand that this level of training will provide immediate protection for your business.
For the record, it would be far easier for us to say our job is physical security, and user training is our clients’ problem. But that’s not our style, nor does it comply with our mission. It isn’t just about installing more software on your computers anymore. This time, it’s about becoming savvy. Stay tuned for more information about how we are planning to help you educate your staff to protect your business.