The value of continued training is often overlooked in the hectic business world. We take a look at some examples of why it is important to make it a priority.
By Tim Spring
The Department of State’s Bureau of Cyberspace and Digital Policy (CDP) is sponsoring a training series to counter malware created by the Democratic People’s Republic of Korea (DPRK). The nine-day training program will be offered to six partner nations from Africa, Asia, and the western hemisphere, predominantly targeting employees and their public sector equivalent from security incident response teams. Increased training for cybersecurity across the globe is a key part of the US commitment to promoting a stable and reliable internet for all. In recent years malicious cyber activities by the DPRK have increasingly threatened the integrity and stability of the global financial systems, even stealing directly from banks.
This is probably the biggest news in the security space this week, and it has been covered by several news outlets. Here, we have a brief summary by Nathaniel Mott, a contributing writer to PCmag. While some believe this to be a particularly bold move, Patreon claims that this will in no way impact their ability to provide a secure platform and that they have partnered with a number of external organizations to continue to develop their security abilities. Security is an extremely important aspect of any business or product, and can be very costly when it goes wrong. One great aspect of verifiable credentials that Indicio is always stressing is their ability to tie into Zero Trust and your security stack.
Digital transformation is creating new security headaches for e-commerce, says Bruno Farinelli, a Fraud Analytics Manager for ClearSale. He points to shipping fraud, email phishing attacks, and ransomware and malware that exploit hybrid and remote workforce trends as the major trends. Citing TransUnion’s “2022 Global Digital Fraud Trends” Farinelli points out that shipping fraud has skyrocketed year-on-year since 2019, with package- rerouting scams exploiting good customer service practices. Similarly, business email compromise is a growing problem, with hackers pretending to be trusted suppliers or vendors. In this fascinating article, Farinelli argues that e-commerce businesses need to see employee security awareness as a process rather than a one-off training, as the points of attack and the means of defrauding business are constantly evolving. While this is ideal, it is unrealistic to expect employees to maintain sufficient security vigilance to defeat fraud. The reality is that all these problems can be solved with verifiable credentials that provide the kind of reliable authentication within a Zero-Trust framework.
Esther Shein, a freelance writer for TechRepublic, summarizes a recent report that found ransomware attacks are actively delaying procedures and tests, leading to increased complications and worse patient outcomes.
The article breaks down statistics from the report, some of the most staggering being:
- The study surveyed 641 healthcare IT and security practitioners, and more than 20% of organizations that experienced the most common types of attacks (cloud compromise, ransomware, supply chain and business email compromise) saw increased patient mortality rates.
- Healthcare organizations have an average of more than 26,000 network-connected devices, only 51% include them in their cybersecurity strategy.
- Ransomware attacks are most likely to have a negative impact on patient care, leading to delays in procedures or tests in 64% of the organizations.
- Only 59% address employees’ lack of awareness, with 63% conducting regular training and awareness programs and 59% resorting to monitoring employee actions.
Shein says that training and awareness programs are the top two defenses for healthcare providers, but lack of funding and resources is a consistent hurdle for security teams. The article leaves us with Ryan Witt, healthcare cybersecurity leader at Proofpoint, weighing in on the state of cybersecurity in healthcare – “Healthcare has traditionally fallen behind other sectors in addressing vulnerabilities to the growing number of cybersecurity attacks, and this inaction has a direct negative impact on patients’ safety and wellbeing… as long as cybersecurity remains a low priority, healthcare providers will continue to endanger their patients.”
As you can see from the above articles good training is important for both the organization and the employees that help make it successful. For those of you interested in training your own teams in decentralized identity, I highly recommend taking a look at some of the workshops offered by Indicio. The Business and Investor’s Guide to Self-Sovereign Identity is a great place to start for leadership or investors looking to understand the technology and be able to talk through their ideas with an industry expert.