While I was going through 4 Survey reports of Computer Crime and Security Survey, I found an interesting Correlation between Training and Information Security Loss.
From the 2003 to 2006 survey reports, I observed that the data was lost in many ways and the attacks were coming from both outsiders and insiders in an organization. In order to prevent this, we can use new technology (software and hardware) to stop the outside attacks, but how can we stop our insider attacks?
Well, training is the best solutions for minimizing such attacks. Let’s look at some facts that proved training to be the answer for this.
From 2003 to 2004 organizations have not conducted training sessions, which caused the organizations $11 Million loss in 2003, $10.5 Million loss in 2004, while in 2005 organizations conducted training sessions, which were not effective for their employees and caused the organizations $6.8 Million loss in 2005. However in 2006, organizations have taken an initiative in allocating budget for analysis and training, and conducting the training programs. The result of these training programs is the data loss through Insider attacks decreased by more than 75% i.e. $1.8 Million saving in 2006.
Even though the data is from Past reports, if information security training programs are conducted on a continuous basis Insider attack Losses can be reduced. We can prevent insider attacks only by creating awareness and by training the employees. What do you say?