“Cybersecurity awareness and training is everyone’s business”

Posted on 10.04.17

Chris Moschella, Risk Advisory Services Senior Manager, shared his insights on cybersecurity awareness and training in an article for Inside Business, The Hampton Roads Business Journal.

Excerpt:

“W-2 fraud, spear phishing and executive impersonation wire-fraud scams are just a few of the attacks that target people rather than systems.

Although the “technical hack” still occurs (Equifax), security researchers agree most attacks start with individuals being targeted in their email. Many of these attacks cannot be caught by even the most advanced email filters.

So, we’re left in the unfortunate situation where, for certain types of cyberattacks, the end user is the only layer of defense. In many organizations, however, the prevailing view among leaders and employees is that IT security is the sole domain of the technology staff.

This creates a major gap between the reality of the threats and the defenses in place, which sadly leads to successful attacks against organizations every day. The reality truly is that cybersecurity is everyone’s business.

Sometimes referred to as the human firewall, a motivated and cyber-aware workforce is as important as any technological defense to the organization. The good news is, relative to other cybersecurity expenditures, a robust security awareness training program is fairly inexpensive, especially when considering the amount of risk it mitigates. The bad news is it takes executive buy-in and organization-wide cooperation.”

Access Full article.


 

Interested in learning how to protect your business from cybersecurity threats? Contact us. Our Cybersecurity team can help. Our team is focused solely on evaluating business processes, information technology controls, and security. As such, we possess a unique combination of business and IT expertise and communicate effectively with business and IT professionals alike.

The information contained within this article is provided for informational purposes only and is current as of the date published. Online readers are advised not to act upon this information without seeking the service of a professional accountant, as this article is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant.

Posted by: Christopher Moschella, CPA, CISA

Chris is a Senior Manager in Keiter’s Risk Advisory Services. Chris has a strong combination of IT skills, which range from IT audit and internal control assessments, including general computer controls and application controls, to full-stack web development. Most recently, Chris developed a Cybersecurity web application that assesses an organization’s resistance to social engineering attacks. Chris shares his cybersecurity insights on our blog.