Cyber security awareness refers to how much end users know about the cyber security threats their networks face and the risks they introduce. End users are considered the weakest link and the primary vulnerability within a network. Organizations allot funding to protect their networks from outside threats and reduce vulnerabilities. Being that end users are a major vulnerability, technical means to improve security are not enough: organizations must also provide training for a personal awareness of cyber security. They should educate employees on current threats and how to avoid them.
Overview
s normally look for the easiest way to gain access into a network, which is often the human element. Specific attacks are designed to be most inviting to the users. A popular attack is to trick users into clicking a link within an email that contains malware, divulging sensitive information over the phone or through email. Spear phishing or social engineering are two of the most common attacks. Spear phishing is an email crafted and sent to a specific person to whom it may appear to be legitimate. Simple phishing generally relies on a simple bulk approach, and the low cost of sending phishing emails. Few targets are fooled, but so many are targeted that this is still a profitable fraud. By making the approaches more tailored to their victim, spear phishingappears more convincing and so is more likely to succeed. This can be either a bulk automated process, such as by accessing the address book of a past victim and sending simle fishing attacks to their contacts; coming from a recognised past contact, even these poor fakes are still more likely to be accepted. More sophisticatedly, spear phishing attacks may be hand-written to target specific high-value recipients, such as when trying to break into a particular system, rather than merely trawling en masse. Social engineering is when someone uses a compelling story, authority or other means to convince someone to handover sensitive information such as usernames and passwords. An end user who is trained in cyber security awareness will have the ability to recognize those types of attacks and avoid them.
Training
Larger organizations have a problem training their workforce in cyber security awareness. There are a number of different approaches that can be taken to provide cyber security awareness training. One of the easiest ways is to use posters, guides or tips. Most organizations provide cyber security awareness training online or in person and employees are required to take the training annually.
