The Cyber Stars Initiative
Now Delivered in 19 Countries, the Cyber Stars Initiative is an Effective and Sustainable Solution to Cyber Security Awareness for Businesses
What is Cyber Stars?
Cyber threats cost Global business an estimated $400 billion in 2015. Up to 93% of those attacks were facilitated by human error or a lack of cyber awareness. The Cyber Stars Initiative was developed to help reduce the cyber threat to business generated by a lack of employee awareness and confidence. The Cyber Stars Initiative is the only cyber security awareness programme with an official UK Government regulated qualification attached.
The Cyber Stars Initiative is far more than just a training course, or even a qualification. Cyber Stars provides a sustainable solution to cyber security awareness in an ever evolving landscape.
The Cyber Stars Initiative is built upon three crucial pillars, without these, a cyber security awareness programme can not be effective.
- Profile Human Risk – We use state of art phishing and digital footprint software to measure and quantify human risk within your organisation
- Enable Positive Behaviour Change – A programme developed by a combination of technical experts, risk managers and behavioural psychologists ensures maximum personal engagement and measureable behavioural change.
- Sustain Awareness Levels – Cyber threats evolve on a daily basis and it is critical that employees are provided with an opportunity to remain current with threats. The Cyber Stars Portal provides an efficient and effective opportunity for non IT specialists to remain aware of cyber threat and spread awareness throughout their organisation.
Why do we Need Cyber Stars?
Cyber Security has been identified by both the UK Government and European Union as the single greatest threat to many businesses. The average cost of an effective cyber attack is now in excess of $1 million.
The fact that both the volume of cyber crime and the financial impact of that crime has risen significantly each year since 2008, acts as clear proof that existing awareness schemes are not working. Traditionally, cyber security focus has been on IT professionals, executives and infrastructure. Most organisations now have competent and qualified cyber security staff in place and we are increasingly aware of the critical infrastructure requirements supported by excellent schemes such as Cyber Essentials. Therefore, the question remains, why do we continue to struggle to cope with cyber crime? The response is clear:
- Research indicates that as few as 10% of cyber attacks are actually a result of infrastructure inadequacies. The primary cause of cyber security breaches within a business environment is human error, most frequently caused by a lack of general cyber security awareness and the confidence to respond.
- Cyber crime adapts at a far greater rate than existing training and awareness programmes. As infrastructure becomes more robust criminal actors seek to exploit the most vulnerable point within any network; the human.
- We have developed a culture in which responsibility for cyber security awareness and education has been limited to specific individuals within IT and network security positions. As a result, the cyber skills gap has increased. Most companies have a significant lack of understanding and acceptance of responsibility throughout the wider workforce, leaving clear vulnerable points within the business.
- Increasing levels of remote and mobile working reduce the ability for companies to manage the cyber threat as effectively, yet little or nothing is being done to increase awareness to the average system user.
- For those companies with cyber security awareness programmes in place, few if any have a robust metric for testing understanding and competence.
- Individuals receive no recognition for increasing their cyber awareness skill set, therefore personal buy in to cyber security at work is often minimal. The Cyber Stars scheme was specifically designed with a focus on educational psychology, ensuring personal engagement and acceptance of responsibility.
With the introduction of the EU General Data Protection Regulation (GDPR) fast approaching, businesses must act now to enable the required changes to cyber security culture within their business. The new GDPR provides a single, harmonised data privacy law. With the increasing risk of data breaches from cyber attack , the GDPR aims to prevent the loss of personal data by improving data security for all individuals living in EU member states. UK organisations have until June 2018 to comply with the new law, or potentially face fines of up to 4% of annual turnover or €20 million.
How do we Identify our “Human Risk” Profile
Spear Phishing Assessment
The processes of social engineering and phishing are responsible for over 85% of the human error breaches that lead to subsequent data loss. Identifying the level of human risk is often a difficult task and most staff are now aware of the key features of a crude phishing email and basic social media security, yet experienced attackers are rarely crude or basic. At the Cyber Stars Initiative we use state of the art Spear Phishing software to create organisation, role or department specific spear phishing emails that far better represent the real criminal threat. We are able to identify your overall business risk, as well as departmental or role specific risks.
Following the delivery of the Cyber Stars Initiative we are then able to retest this level of risk at regular intervals to prove the increased level of resilience within your organisation and identify those individuals that require further training.
Executive Digital Footprint Profiles
Social Engineering is the fastest growing Advanced Persistent Threat (APT) technique for malicious actors seeking to exploit individuals across all regions and professional sectors. Over 85% of all successful attacks against businesses, are email based and involve exploitation of digital footprints. Our digital footprints grow each year and increasingly provide an opportunity for blackmail, extortion and other types of criminality.
Social engineers and cyber criminals have discussed common methodology in terms of “target” identification and demonstrate that no longer than 5 minutes would be spent looking for leakage that presents an exploitable opportunity. Malicious actors will simply seek to exploit those individuals within an organisation that appear most vulnerable, often outweighing a requirement to access specific systems or data sets.
Our Digital Footprint Analysis is conducted by investigative experts and those with detailed knowledge of criminal methodology. We are able to identify personal vulnerabilities and allow individuals to realise and engage with their own digital footprint risk.
How Do Cyber Stars Work?
Traditional training programmes often lead to a skill fade from the second an individual completes that course. In an environment where cyber threats evolve at such a rate this often means that training is quickly outdated. The Cyber Stars Initiative provides an opportunity for exactly the opposite. On achievement of their qualification each Cyber Star will continue their awareness education. Each individual will be provided access to a Cyber Stars Portal. This portal contains a daily threat feed which can be filtered by sector, so that Cyber Stars can remain aware of threats specific to their industry. It also contains a range of educational materials and policy documents, allowing cyber stars to spread cyber security awareness throughout their organisation and remain aware of evolving threats.
It is then the Cyber Stars’ responsibility to access that portal on a regular basis and identify current and emerging cyber threats. The Cyber Star is then a nominated point of contact for circulating that awareness throughout their wider area of responsibility, ensuring a sustainable and holistic approach to cyber security education within a business environment.
Studies show that employees are far more receptive to information when it is transferred at a “peer to peer” level, rather than enforced through a hierarchical structure. The Cyber Stars initiative involves changing the organisational culture related to responsibility for cyber security. We do this by qualifying chosen members of staff from within each department to act as a Cyber Security Representative. This principal has been applied by businesses to satisfy a range of legislative requirements since the introduction of the Health and Safety at Work Act. The need is long overdue to apply the same principles to cyber security.
The responsibilities of a Cyber Star go beyond an increased personal understanding of cyber security. A Cyber Star is responsible for ensuring that good cyber security is adhered to within their workplace, educating colleagues and peers to specific threats. By qualifying a team of Cyber Stars, you are best placed to ensure organisation wide cyber security awareness and better still, a workforce that takes personal responsibility for cyber security.
All Cyber Stars will undertake the new ProQual Level 2 Award in Cyber Security Awareness for Business and as such will prove that they have the sufficient level of knowledge and competence to effectively implement an organisational level cyber security strategy.
Change cyber security culture within your organisation before it’s too late.
Cyber Stars “Lite”
Following the success of Cyber Stars we are proud to announce Cyber Stars “Lite”. Not every employee needs to be a Cyber Star, indeed the Initiative was developed to ensure that Cyber Stars spread threat knowledge and create a natural culture of awareness within the workplace, yet there is still a requirement for others to trained to basic standards and engage with cyber risk. We have found that traditional mandatory training is rarely effective or retained and have developed this programme to provide a more modern, current and engaging alternative to mandatory awareness training.
A fully accredited programme, Cyber Stars Lite involves education through fully immersive film. Through 45 minutes of film based education, learners will engage with a range of cyber security subjects in a manner that maximises engagement, understanding and retention. With the completion of an assessment we are able to provide a clear metric to an organisation of where individuals have achieved or any areas in which require more specific development.
Please enjoy a taste of the Cyber Stars Lite content here
This session was one of the best I have attended through Barclays with relevance that transferred across both professional and personal life. A great event and one I would certainly recommend.
Senior Product Manager, Barclays
“From the Cyber Stars delivery session and access to the online portal we have gained a further insight into how to protect our business from cyber-crime including malware, phishing, social engineering, invoice fraud and a greater understanding of our responsibilities relating to the reporting of cyber-attacks. “We identified how organisations are only as strong as their weakest link and how cyber security policy and training should include staff at all levels. The days of saying ‘it’s not my responsibility’ are now long gone as we are all potential targets.”
Kim Steward, Operations Director, THS Inspections
Just wanted to say a big thank you for a really useful and hugely productive day on the recent Cyber Stars training day.
Very topical content delivered with expertise and a little polish. Much appreciated.
VP Investment Banking , Barclays
For more information about Cyber Stars please contact us at Cyber@intqual-pro.com