The pandemic has impacted businesses and schools all around the world, leading them to shift to remote work at scale. With organizations and schools rapidly expanding digital footprint across more and more digital workspaceOpens a new window applications, it is a hard time for security teams when it comes to identifying and mitigating cyber threats. Here’s the catch — even before the coronavirus outbreak, cloud adoption was outpacing the adoption of the tools needed to properly protect data in cloud environments. Bitglass’s Opens a new window Anurag Kahol, CTO, and co-founder says, “In 2019, 86%Opens a new window of organizations deployed cloud-based tools, but only 34% made use of single sign-on (SSO), a basic but critical capability for authenticating users and securing access to corporate cloud environments. This statistic suggests deeper underlying cloud security issues within organizations and indicates that data breaches will continue to rise around the world.â€
Cybersecurity experts warn of an increase in breaches related to compromised credentials with usage of cloud-based collaboration apps rising.Opens a new window title=”Opens a new window” target=”_blank” target=”_blank” rel=”nofollow”> LogRythm’sOpens a new window CSO James Carder says attackers are not using terrifically novel, new tactics during this time. “They are however, significantly upping the scale of existing attack vectors (phishing and watering hole types), and attacks are increasingly user-focused. Business operations are more focused on capacity, availability, and maintaining a productive workforce, while security is looked at for exceptions and compensating controls,†he said.
With remote work becoming a permanent trend, people will be the weak link in IT securityOpens a new window . Consider this — 80% of hacking-related breaches are still due to compromised, weak and reused passwords. Balbix State of Password User report Opens a new window indicates 99% of users reuse passwords not once, but 2.7 times on average between and across work and personal accounts. Experts also predict a rise in Business Email Compromise (BEC) attacks that target a recognized individual on a corporate network, baiting them to respond with sensitive data or financial transactions.
Amid the evolving environment, the survival of businesses and the wider industry depends on its overall cybersecurity maturity.Opens a new window The remote work model has necessitated the need for reinforcing cybersecurity awareness and training programs that employees truly understand, can relate to their day-to-day activities and become part of broader work policies.
Gartner predicts the cybersecurity awarenessOpens a new window market is expected to exceed $1.5 billion by 2021. Forward-thinking businesses will recognize the power of cybersecurity training programs to uplevel workforce and close the awareness skills gap. In this article, we look at how one of the leading Canadian universities, Athabasca University worked with Motimatic, the social impact company to take proactive measures, build cybersecurity awareness, and alert employees to the escalating threat environment.
Learn More: The Hidden Cost of Data Theft You Should KnowOpens a new window
Challenges
In 2019, Athabasca University in Alberta, Canada was under pressure to improve cybersecurity awareness and best practices among its 1,200 employees. The ground situation was critical — several email scams had tricked employees into responding and scheduled phishing tests resulted in low pass rates. Existing approaches such as online cybersecurity resources developed by senior IT professionals and trained modules from third-party providers did not result in higher awareness or improved cybersecurity education.
Objective
Athabasca University wanted to nurture a security-first culture and engage employees where they were the most receptive to change behavior about cybersecurity. The Athabasca team wanted to reach out in environments employees frequently accessed — such as social media. The university also wanted to get employees up to speed by teaching them to spot ever-changing phishing and pretexting techniques.
The team partnered with San Francisco-based social impact startup Motimatic Opens a new window to reach employees in these key environments, delivering personalized content to improve awareness of cybersecurity best practices and increase uptake of training modules. The company draws upon advances in behavioral science and digital marketing to encourage positive behaviors at school and work.
Solution
MotimaticOpens a new window built a custom called GuidePosts, delivered as sponsored content on Facebook, Instagram, and through the Google Display Network. The Motimatic team implemented GuidePosts over six months and targeted 1,200 faculty and staff who received these posts. The posts addressed two key areas:
- Best practices on accessing key resources
- Building phishing Opens a new window awareness
The startup deployed a behavioral strategy and its algorithm-driven vectors deliver optimized sequences of GuidePosts. The scientifically-backed content and proprietary algorithms presented the right messages at the right time so that employees became aware of and primed to spot sophisticated cyberattack tactics.
Learn More: Navigating Security and Compliance Landscape in the Age of COVID-19Opens a new window
The impact was seen across three key goals:
1. Phishing Tests: The Athabasca team managed to overcome low pass rates by registering 50% improvement in employee pass rates on the phishing tests
2. Engagement with training module: By partnering with Motimatic, the University saw a 49% increase in video-based training modules
3. Uptake of Cybersecurity Resources: The team saw a 5x rise in website visits, with employees visiting online cybersecurity resources for beefing awareness.
According to Jennifer Griffin Schaeffer, Vice President IT and CIO, Athabasca University, “We were looking for innovative approaches to cybersecurity awareness and found one in Motimatic. The solution is engaging and effective. I’ve recommended it to several colleagues already.†The university has also expanded its engagement with Motimatic by extending the program to over 30,000 students.
In the words of Mihir Shah, CEO of Motimatic, “Most cybersecurity training and awareness solutions fall short because most employees don’t engage, or quickly forget what they’ve learned. It’s challenging for cybersecurity lessons to sink in when employees have so many other things on their plate. Motimatic leverages the power of social media to reach them when they’re in different mindsets, and open to hearing messages that are not directly related to their to-do lists.â€
Learn More: Best Practices to Fight Phishing & Strengthen Cybersecurity in COVID-19 EraOpens a new window
Wrapping Up
With cybersecurity threats landscape expanding, senior leaders and employers should remain focused and vigilant about suspicious activities and phishing attacks. Cybersecurity awareness programs present an opportunity for systemic changeOpens a new window and reduce corporate risk significantly. It is also a way to bring about change at a corporate level, change employee behavior, and significantly improve policy compliance.
Do you think companies should redouble cybersecurity awareness programs among employees? Comment below or let us know on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d love to hear from you!