
Cyber security awareness

From EverybodyWiki Bios & Wiki


Cyber security awareness refers to how much end users know about the cyber security threats their networks face and the risks they introduce.[1] End users are considered the weakest link and the primary vulnerability within a network.[2] Organizations allot funding to protect their networks from outside threats and reduce vulnerabilities. Because end users are a major vulnerability, technical means to improve security are not enough: organizations must also provide training to build personal awareness of cyber security. They should educate employees on current threats and how to avoid them.[3]

Overview

Threat agents normally look for the easiest way to gain access to a network, which is often the human element.[4] Specific attacks are designed to be most inviting to users. A popular attack is to trick users into clicking a link within an email that contains malware, or into divulging sensitive information over the phone or through email. Spear phishing and social engineering are two of the most common attacks.

Spear phishing is an email crafted and sent to a specific person, to whom it may appear to be legitimate.[5] Simple phishing generally relies on a bulk approach and the low cost of sending phishing emails. Few targets are fooled, but so many are targeted that this is still a profitable fraud. By making the approach more tailored to the victim, spear phishing appears more convincing and so is more likely to succeed. This can be a bulk automated process, such as accessing the address book of a past victim and sending simple phishing attacks to their contacts; coming from a recognised past contact, even these poor fakes are more likely to be accepted. More sophisticated spear phishing attacks may be hand-written to target specific high-value recipients, such as when trying to break into a particular system, rather than merely trawling en masse.

Social engineering is when someone uses a compelling story, authority or other means to convince someone to hand over sensitive information such as usernames and passwords.[6][7] An end user who is trained in cyber security awareness will have the ability to recognize those types of attacks and avoid them.

Training

Figure: Example of a training poster

Larger organizations have a problem training their workforce in cyber security awareness.[8] There are a number of different approaches that can be taken to provide cyber security awareness training.[3] One of the easiest ways is to use posters, guides or tips.[9] Most organizations provide cyber security awareness training online or in person, and employees are required to take the training annually.

References

  1. Kim, L. (April 2017). "Cybersecurity awareness: Protecting data and patients". Nursing Management. Springhouse. 48 (4): 16–19. doi:10.1097/01.NUMA.0000514066.30572.f3. PMID 28353477.
  2. Kemper, G. (2019), "Improving employees' cyber security awareness", Computer Fraud & Security, 2019 (8): 11–14, doi:10.1016/S1361-3723(19)30085-5
  3. "What is Cyber Security Awareness Training and Why is it so Important?". FraudWatch International. 21 December 2018. Archived from the original on 29 April 2019. Retrieved 16 March 2020.
  4. Abawajy, J. (2014). "User preference of cyber security awareness delivery methods". Behaviour & Information Technology. 33 (3): 237–248. doi:10.1080/0144929X.2012.708787.
  5. "What is Spear Phishing". usa.kaspersky.com. Retrieved 2020-02-25.
  6. Josh Fruhlinger (25 September 2019). "Social engineering explained: How criminals exploit human behavior". CSO. IDG Communications.
  7. "What is Social Engineering?". www.webroot.com. Retrieved 2020-02-25.
  8. Bada, M.; Nurse, J. R. C. (2019). "Developing cybersecurity education and awareness programmes for small and medium-sized enterprises (SMEs)". Information and Computer Security. 27 (3): 393–410. arXiv:1906.09594. Bibcode:2019arXiv190609594B. doi:10.1108/ICS-07-2018-0080. ISSN 2056-4961.
  9. Tasevski, P. (2016). "IT and cyber security awareness – raising campaigns". Information & Security: An International Journal. 34 (1): 7–22. doi:10.11610/isij.3401.


This article "Cyber security awareness" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Cyber security awareness. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.
