We are at the beginning of 2021, and for many organizations, this is the start of a new security awareness program. What can we expect in the coming year? We are happy to show you the security awareness trends and developments in 2021.
Research shows that our cyber behavior is much more unsafe than we think. Now that we are working from home, the separation between business and private life has almost disappeared. It is now more vital than ever to train employees to strengthen your organization's resilience to cyber-attacks and to make them aware of the dangers of working unsafely.
1. More data leaks when working from home
Working from home offers advantages: no more traffic jams and you can start your working day whenever you want. But in the field of information security, risks are growing. Does everyone work safely via a virtual private network (VPN)? Do we read business e-mails on private equipment? What are the risks of video conferencing?
Hopefully, we will return to the office soon, but working from home will remain the new normal. As a result, the number of data leaks will increase. At home we are often less alert to phishing attacks, and companies have less insight into employee behavior. Most ransomware attacks take place on weekends and holidays because IT and security personnel are off duty.
But even when we go back to the office, more phishing attacks will be waiting for us. Returning to the office requires up-to-date information and new protocols. Cybercriminals will respond to this and become even more sophisticated.
2. Data protection becomes more difficult
Proper compliance with the General Data Protection Regulation (GDPR) is an even greater challenge now that employees often work from home. We expect more incidents to occur, with possible fines as a result.
3. Security culture as part of the corporate culture
Gartner predicts that by 2022, 60% of organizations will have an FTE dedicated to information security. Security awareness is becoming increasingly crucial within organizations as information processing increases and proper data protection compliance is required.
Now that we work outside of the office where and when we want, we need to be even more diligent in our security awareness. Therefore, the security culture will play a more prominent role and form an integral part of the corporate culture. The CISO's task is to ensure security and reduce risks.
4. Demand for digital security awareness programs continues to increase
The demand for e-learning and digital security awareness increased enormously last year. This is not surprising: for many organizations, digital communication was the only way to draw attention to security awareness. An advantage of this is that digital communication contributes to continuity.
Presentations in 'real life' are often given only once a year, but digitally you can do this whenever you want. A continuous program with repeated attention ensures that knowledge sticks. Digital security awareness will also remain popular in the future.
5. Security awareness training can be fun
Dry click-through videos, lists and the transmission of knowledge about guidelines and policies are a thing of the past. We want employees to work safely and be cyber-aware. In order to ensure that all knowledge is retained and employees enjoy going through an e-learning module, it is essential to make learning materials interactive and fun.
That's why our revamped e-learning approach is bursting with gamification and story-based learning. It's about the employee's experience and interaction with the learning material. This completely new approach is extremely popular with our customers and scores high with employees. This year we will be launching even more new modules.
6. Gamification is a new security awareness trend
We learn most in practice. The greater the experience, the greater the effect and the chance that the knowledge sticks.
Interactive e-learning modules lay a good foundation, but the best results are achieved using theory and practice together. That's why we have developed a cyber escape room to improve the cyber awareness of employees.
The new VR game has players solve cyber-themed challenges interactively, using their mobile phone with VR cardboard or with VR glasses.
7. Rise in WhatsApp and SMS phishing
Phishing is no longer only done via e-mail. Fake messages via WhatsApp, SMS and social media are on the rise.
Cyber-attacks on healthcare organizations have increased by 45% since last November. Internet criminals have a keen sense of where the workload in organizations is high and respond cleverly. This will only increase.
8. Multi-factor authentication is becoming more important
Multi-factor authentication (MFA) makes it more difficult for hackers to obtain sensitive information. MFA is a method that verifies a user's authenticity in more than one way. The combination of several factors ensures that access control security is tightened. These extra precautions help us to work safely, but we must keep thinking for ourselves.
9. Ransomware threat is increasing
Ransomware is malicious software that blocks your computer and locks files. The attackers demand a ransom in exchange for returning your files. Ransomware has become a primary threat. The business impact is so great that it is no longer a concern only for CISOs, but also for management.
Over the past year, there were many ransomware cases in the news: Maastricht University and the municipality of Hof van Twente are among the victims. We have seen ransomware attacks increase in recent years, and ransom amounts are getting higher.
The role of the employee is important in almost all attacks. First and foremost, the employee must be trained in recognizing phishing and in the use of strong passwords. The employee must also be aware of suspicious situations, such as the failure of virus scanners.
In 2021, we will launch a total ransomware package that maps the necessary technical measures and trains employees to test the package's effectiveness.
10. Measuring: organizations want to know how they're doing
Fortunately, the time when only policies were communicated is far behind us. We are getting smarter at improving our security awareness. But we also want to know more and more precisely what the effects of our hard work are.
A cybersecurity culture measurement is indispensable when security awareness becomes an integral part of the corporate culture. These measurements give you the specific data to take with you on your journey towards sustained behavior change. They are an ideal tool to measure the progress and development of security awareness within your organization.
In 2021, we will still work from home. This offers cybercriminals new possibilities to cause damage. Make your people the best defense in the fight against digital threats by including the human factor as an integral part of your security awareness policy.
Is your organization still preparing plans for 2021? Do you have questions about setting up an effective and measurable security awareness program? Do you want to discuss the human factor in information security? Please don't hesitate to contact us.
In the meantime, we will continue to develop leading and innovative awareness programs for organizations. Together we create a safe working environment.