Achieving Cyber Resilience With a Proper Training Program

A critical part of improving a business’ cyber resilience is ensuring staff, including the executives and the board of directors, are all champions of promoting and driving awareness when it comes to cybersecurity.

Many companies do have this understanding, and one way to measure the importance organizations are placing on cybersecurity is by expenditures. Gartner said in May 2021 that it expected about $150.4 billion would be spent on security in 2021, a 12.4% increase from 2020, with security awareness education and phishing defense being a focus for many organizations.

It is quite understandable that spending is at this level when one considers that the average downtime a company experiences following a ransomware attack is 21 days, and the average cost to recover from such an attack is estimated at $2 million. The money spent on prevention will be repaid if an attack is prevented.

A company with better cybersecurity awareness and education has an improved chance of defending itself or, in a worst-case scenario, properly reacting to a cyberattack. This level of preparation includes embedding security across the business and aligning security to business objectives and strategies. This will help the company respond quickly to threats and continue to operate and recover during or post-attack.

Implementing a level of cyber resilience from top to bottom in an organization will ensure a shift in the security culture by enabling all personnel to help keep their organization secure. 

This is particularly true when it comes to dealing with some of the more common dangers, such as phishing campaigns. The vast majority of successful cyberattacks start with a phishing email. Employees must learn to treat every email as potentially dangerous, making sure links and attachments are legitimate before clicking one.

But phishing is just one threat.

Another emerging problem organizations must prepare for through education and training is ransomware, and specifically when that malware involves a Ransomware as a Service (RaaS) operation.

RaaS is the sale or lease of ransomware malware by its developers. Making the malware available “off the shelf” allows less technically capable criminal organizations to launch sophisticated attacks. RaaS is worrisome as it broadens the potential pool of threat actors to anyone with the funding and desire to launch such an attack.

However, while training is a necessity, an organization must be careful how a regimen is implemented.

One issue that arises when training is increased and emphasized is employee training fatigue. The ever-increasing level of mandatory training and awareness delivered to staff covering corporate, legal, and regulatory topics can lead to this very important education being seen as nothing more than a tick-in-the-box exercise and can drain employees' interest in fully participating in and engaging with the subject.

To tackle this challenge, organizations must deliver training that is engaging, authentic, and tailored to that organization.

One way to help retain worker interest is to conduct a crisis simulation. Such activities give participants invaluable experience of reacting during a realistic simulation and enable them to collaborate and hone their skills in a safe and controlled environment. 

Trustwave often facilitates Cyber Security Crisis Simulation Exercises. For each simulation workshop, the following considerations are made:

  • Work collaboratively with the client to understand the drivers and their objectives
  • Identify if the client requires a ‘standard’ simulation workshop or a fully bespoke workshop
  • Customize the workshop material to client requirements, based on a number of ‘injects’ (an ‘inject’ is akin to an ‘event’) that form an escalating narrative.
  • Each narrative typically starts with a technically oriented issue and builds to a full-blown operational crisis.
  • We bring workshops to life by using a series of interactive injects, briefings, and videos.
  • Workshop members are grouped into teams to discuss a solution after each inject. They then conduct a presentation after each inject, offering their thoughts to the wider group for discussion. 
  • Also, after each inject, workshop members will discuss what they could/should do at each stage.
  • The event, which usually lasts about four hours, concludes with the staff reinforcing the actions taken and covering the lessons learned.
  • Finally, the participants create an executive report on findings, data, observations, and recommendations.
