The Key most important thing is PREVENTION because we all believe, "Prevention is better than cure".
Sadly, many believe when it comes to Cyberattacks prevention, it is a job of a certain group of people. This myth is false – everyone has apart to play when it comes to Cyberattacks prevention. In other words preventing Cyberattacks start from an individual level.
A Nation may have the best Strategy to prevent Cyberattacks; a company/organasation may have firewalls, network monitoring software, authentication processes, policies and many other mechanism to prevent Cyberattacks but if an individual is doing nothing to add value in preventing Cyberattacks – The problem will never end.
Passwords, Browsing the internet, connecting to free Wi-Fi and social engineering are some of the things each of us need to pay attention and we should not wait for someone else to come at aid.
Have you ever pause and ask yourself, how strong is your password? How often do you change it? Do you share it with others? Can it be accessed easily through phone calls or any other means? – An organisation can be tough making sure only strong passwords are used and put measures to enforce users to change their passwords at a given time but an individual can share password or allow it to be accessed easily; doing so can also lead to Cyberattacks.
An individual can connect through free Wi-Fi which a very vulnerable with Man-In-The-Middle attacks. Sometimes an individual may browse through malicious sites (with malware hidden in them) or maybe manipulated by a malicious cybercriminals by deception, into giving out information, or performing an action (Social engineering)
We have seen many companies with great defense mechanisms against Cyberattacks yet fall victims – The study shows Humans are the weakest link to the security chain; and many of the attacks are caused by the human (A failure from an individual level) in preventing Cyberattacks.
What should be done?
Effective awareness program is the key - A successful defense depends on having good policies and educates our people to follow them. We should constant remind everyone on their role to play in preventing Cyberattacks.
There are series of trainings in this regards, aiming to raise awareness to our people on how each can play a role to prevent cyber attacks.
Providing a good training on Phishing, Click Jacking and password, Mobile device security, insider threat and others may help our people to know their roles in protecting our cyber space.
All these awareness training should be done repeatedly because of human nature to forgetting easily. It is our duty to remind them often through formal and informal awareness programs that preventing Cyber attack begins with you, me and us.