Conscious Awareness For Cyber Security

Before primitive societies, the most basic need was the physical needs in Maslow’s pyramid of needs, but today, the need for security as a part of social life in modern societies has begun to gain more importance. In today’s world where urban life is becoming more crowded day by day, Security and safety needs include personal security, financial security and health and well-being.[1]

Although Security Awareness is seen as a part of social life for every individual, it is an issue that should be evaluated for every interaction within the social network beyond individuals in today’s technological and digital-based modern world. Because a vulnerability at any point in our social network can negatively affect individuals who are far from technology.[2]

In this context, although security training is foreseen only for cyber workers today, it is actually a subject that should be evaluated in terms of every individual of modern society in a wider context. Cyber Security employees have to receive constantly updated training on cyber security attacks and defense methods and enlighten the society with the trainings they will receive.[3]

[1] McLeod, S. A. (2022, April 04). Maslow’s hierarchy of needs. Simply Psychology. ; also reachable at www.simplypsychology.org/maslow.html on 08.01.2023

[2] David J. Houghton & Adam N. Joinson (2010) Privacy, Social Network Sites, and Social Relations, Journal of Technology in Human Services, 28:1–2, 74–94, DOI: 10.1080/15228831003770775

[3] OZCAN, Mehmet S, Cyber ​​Awareness and Cyber ​​Subculture for All; Medium , Mar 30, 2022; avaliable at https://medium.com/@MehmetSOzcan/cyber-awareness-and-cyber-subculture-for-all-c38b980496c on 07.01.2023

Private institutions that provide public services, especially government institutions, have to keep their policies up to date against various phishing and ransomware attacks. It is a social responsibility to constantly renew the procedures applied, measures taken and in this context, the scope of training in case of cyber threat and attack.[1]

It is not a matter that can be limited to the fact that only cyber security employees receive this training and awareness, companies and other employees feel safe in the corporate sense.[2] Because, the adoption of cyber security concepts and practices by both company managers and non-cyber security employees at a minimum level and having a subculture are among the minimum standards of modern society and working life.[3]

Repetition and comprehensive updating of security trainings to cyber security employees;[4] raising awareness on those other than cyber security employees, creates a basis for stimulating social cyber security culture and awareness.[5] The formation of this culture and its transformation into practice in daily life will contribute to the establishment of the needed and expected “confidence environment”.[6]

[1] “Perspectives on transforming cybersecurity” , Digital McKinsey and Global Risk Practice March 2019 , McKinsey & Company.; also avaliable at https://www.mckinsey.com/~/media/McKinsey/McKinsey%20Solutions/Cyber%20Solutions/Perspectives%20on%20transforming%20cybersecurity/Transforming%20cybersecurity_March2019.ashx on 07.01.2023

[2] Cyber Security Culture in organisations, European Union Agency for Network and Information Security (ENISA), 2017; avaliable at https://www.enisa.europa.eu/publications/cyber-security-culture-in-organisations/@@download/fullReport on 10.01.2023

[3] Khando Khando, Shang Gao, Sirajul M. Islam, Ali Salman, “Enhancing employees information security awareness in private and public organisations: A systematic literature review”,Computers & Security,Volume 106, 2021,102267,ISSN 0167–4048, also avaliable at https://doi.org/10.1016/j.cose.2021.102267 and https://www.sciencedirect.com/science/article/pii/S0167404821000912 on 06.01.2023

[4] Muhly Fabian, Jordan Jennifer, Cialdini Robert B., Your Employees Are Your Best Defense Against Cyberattacks, Harvard Business School Publishing, August 30, 2021; avaliable on https://hbr.org/2021/08/your-employees-are-your-best-defense-against-cyberattacks at 09.01.2023

[5] Karyda, Maria, “Fostering Information Security Culture In Organizations: A Research Agenda” (2017). MCIS 2017 Proceedings. 28. http://aisel.aisnet.org/mcis2017/28 ; also avaliable on https://core.ac.uk/download/pdf/301373754.pdf at 05.01.2023

[6] Wiley, Ashleigh & McCormac, Ms & Calic, Dr. (2019). More than the Individual: Examining the Relationship Between Culture and Information Security Awareness. Computers & Security. 88. 101640. 10.1016/j.cose.2019.101640.

The main target of cyber attacks, which are changing and developing day by day, are the mistakes and unconscious actions of employees other than cyber security, and the company managers who see the investment in cyber security as unnecessary loss of time and financial loss.[1]

The way of working and the use of technology in companies are among the factors that attract many cyber attacks. Considering the great losses arising from simple mistakes such as sharing personal information by falling victim to the personalized and complex methods of the attacks, the largest target audience is employees and managers other than technical personnel (excluding cyber security employees who are tasked with fighting the attack).[2]

Therefore, trained cyber workers are the front line in protecting all personnel and the company against phishing.[3] In order to meet the requirements such as product and service quality in companies or public institutions with the contributions of all employees, the same consciousness, consciousness and awareness should be formed in all members of the company from head to toe.[4]

Employees and managers who are misinformed about cybersecurity and don’t know what to do about cyber risks or attacks can unconsciously endanger the rest of the company.[5] Cybercrime, which has increased by 600% in recent years, especially with the Covid Global crisis, has never been more important since the day it emerged.[6]

[1] Perry Carpenter Five Best Practices To Mitigate C-Suite Cyber Risk, Forbes, Nov 9, 2021; avaliable at https://www.forbes.com/sites/forbesbusinesscouncil/2021/11/09/five-best-practices-to-mitigate-c-suite-cyber-risk/?sh=1e5a05a85829 on 08.01.2023

[2] Liu Xiang, Ahmad Sayed Fayaz, Anser Muhammad Khalid, Ke Jingying, Irshad Muhammad, Ul-Haq Jabbar, Abbas Shujaat; Cyber security threats: A never-ending challenge for e-commerce, Frontiers in Psychology, VOLUME=13,2022; also avaliable at https://www.frontiersin.org/articles/10.3389/fpsyg.2022.927398/full on 09.01.2023

[3] Employees Make Best Frontline Phishing Defense, Threatpost, October 20, 2021, also avaliable at https://threatpost.com/employees-make-best-frontline-phishing-defense/175535/ on 09.01.2023

[4] Raising Awareness Of Cybersecurity, A Key Element Of National Cybersecurity Strategies, European Union Agency For Cybersecurity (ENISA), e-Governance Academy (EGA), November 2021; also avaliable at https://www.enisa.europa.eu/publications/raising-awareness-of-cybersecurity/@@download/fullReport on 10.01.2023

[5] URSILLO Steve, JR., ARNOLD Chrıstopher, Cybersecurity Is Critical for all Organizations — Large and Small, International Federation of Accountants, NOVEMBER 4, 2019; also avaliable on https://www.ifac.org/knowledge-gateway/preparing-future-ready-professionals/discussion/cybersecurity-critical-all-organizations-large-and-small at 10.01.2023

[6] The benefits of cyber security awareness training within universities, Open Access Government, July 19, 2022; also avaliable at https://www.openaccessgovernment.org/the-benefits-of-cyber-security-awareness-training-within-universities/139452/ on 09.01.2023

Many companies that want to be protected from cyber attacks feel the need to invest in cyber security awareness trainings to raise awareness of both their employees and managers.[1]

In particular, stopping human errors and insider threats from causing data breaches is one of the most important requirements of effective cyber security. Cyber Security awareness training, on the other hand, can be said to be any initiative that helps employees detect and protect against cyber threats in the workplace.[2]

According to a study, it is estimated that the cyber security market will reach a volume of 266.2 billion dollars in 2027.[3] Therefore, it would not be a prophecy to say that there will be a serious growth in cyber security awareness education. If the necessary training is not provided and the necessary expenditures and investments are not made, it is very difficult to estimate the extent of the damage.[4]

Cybercrime-related losses are expected to reach $10.5 trillion in 2025, up from $6 trillion in 2021.[5] With the rise of remote working due to the COVID-19 pandemic, it is also a fact that companies are the target of hackers more than ever before.[6]

Ninety percent of companies have faced an increase in cyberattacks due to the pandemic, according to a survey conducted in June 2020.[7] Even more worrying is; 93% of these companies said they had to delay security projects to help manage their company’s transition to remote work.[8]

In many countries, especially the UK, a large proportion of companies continue to lack personnel with technical skills, risk-suspicious incident response skills, and the skills necessary to manage cybersecurity policies.[9]

[1] Koziol Jack, Bottorff Cassie, “Cybersecurity Awareness: What It Is And How To Start”, FORBES, Mar 16, 2022, also avaliable at https://www.forbes.com/advisor/business/what-is-cybersecurity-awareness/ on 09.01.2023

[2] Khando Khando, Shang Gao, Sirajul M. Islam, Ali Salman,”Enhancing employees information security awareness in private and public organisations: A systematic literature review”, Computers & Security, Volume 106,2021, 102267, ISSN 0167–4048, https://doi.org/10.1016/j.cose.2021.102267.; also avaliable at https://www.sciencedirect.com/science/article/pii/S0167404821000912 on 11.01.2023

[3] Cyber Security Market by Component, Software, Security Type, Deployment Mode, Organization Size, Vertical and Region — Global Forecast to 2027, GlobeNewswire, September 09, 2022, also avaliable at https://www.globenewswire.com/news-release/2022/09/09/2513127/0/en/The-global-cyber-security-market-size-is-expected-to-grow-from-an-estimated-value-of-USD-173-5-billion-in-2022-to-266-2-billion-USD-by-2027-at-a-Compound-Annual-Growth-Rate-CAGR-of.html on 09.01.2023

[4] The benefits of cyber security awareness training within universities, Open Access Government, July 19, 2022; also avaliable at https://www.openaccessgovernment.org/the-benefits-of-cyber-security-awareness-training-within-universities/139452/ on 09.01.2023

[5] Why we need global rules to crack down on cybercrime, World Economic Forum, Jan 2, 2023; Also avaliable at https://www.weforum.org/agenda/2023/01/global-rules-crack-down-cybercrime/ on 10.01.2023; & Morgan Steve, “Cybercrime To Cost The World $10.5 Trillion Annually By 2025”, Cyberwarfare In The C-Suite., Sausalito, Calif. — Nov. 13, 2020, https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/ last visited on 10.01.2023

[6] Radoini Adil, Cyber-crime during the COVID-19 Pandemic, united nations interregional crime and justice research institute; https://f3magazine.unicri.it/?p=2085 last visited on 10.01.2023

[7] Sheng Ellen, Cybercrime ramps up amid coronavirus chaos, costing companies billions, CNBC, JUL 29 2020, https://www.cnbc.com/2020/07/29/cybercrime-ramps-up-amid-coronavirus-chaos-costing-companies-billions.html last visited on 10.01.2023

[8] Marousis Athena, Cybersecurity training lags, while hackers capitalize on COVID-19, 06 Apr 2021, https://www.talentlms.com/blog/cybersecurity-statistics-survey/ last visited on 07.01.2023

[9] Zatterin, Gabrielle and Atkins, Grace and Bollen, Alex and Shah, Jayesh Navin and Donaldson, Sam, Department for Digital, Culture, Media & Sport (DCMS), Ipsos MORI, Perspective Economics, corp creators. (2022) Cyber security skills in the UK labour market 2022 : Findings report. ; https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1072767/Cyber_security_skills_in_the_UK_labour_market_2022_-_findings_report.pdf last visited on 07.01.2023

Again, it is undeniable that 680,000 businesses (50%) in the UK have a basic skills gap, meaning they lack adequate cybersecurity skills to protect themselves against common online threats.[1]

In the same survey, in qualitative interviews conducted at these companies, it was seen that cybersecurity skills were not sufficiently understood and given importance both among management rules and IT teams. Therefore, it is crucial for leaders to have the skills to influence behavior and culture in their organizations and to discuss cybersecurity with senior executives in terms of business risk.[2]

Unless everyone in the company, from senior employees to new hires, has the same level of cybersecurity awareness, security is unlikely to be achieved unless they strive with the same determination to prevent phishing attacks.[3]

Therefore, in today’s world, where the threats we face are diversified and different phishing attacks are planned, each individual has a responsibility to ensure cyber security, and this responsibility is increasing day by day as the variety and risk of attack increases.

[1] Brown Lauren, Half of businesses lack basic cybersecurity skills, government warns, 7 April 2021; https://www.peoplemanagement.co.uk/article/1747197/half-of-businesses-lack-basic-cybersecurity-skills last visited on 08.01.2023

[2] Doan Matthew, Companies Need to Rethink What Cybersecurity Leadership Is, Harvard Business Publishing, November 27, 2019; https://hbr.org/2019/11/companies-need-to-rethink-what-cybersecurity-leadership-is last visited on 09.01.2023

[3] Raısıng Awareness Of Cybersecurıty: A Key Element of National Cybersecurity Strategies, European Union Agency for Network and Information Security (ENISA), Report, November, 2017; avaliable at https://www.enisa.europa.eu/publications/raising-awareness-of-cybersecurity/@@download/fullReport on 10.01.2023

Dr. Mehmet Savas Ozcan