To access material, start machines and answer questions login.

What is security awareness?
You are at the heart of your organization and play a key role in keeping it safe against cyber attacks. Understand what it takes to be security conscious by walking through the most common attacks seen in the industry, and learn how to mitigate potential threats. Become more security-aware and improve your cyber hygiene in the security awareness module.
Based on a report from IBM, human errors were the main reason for 95% of successful cyber attacks. The study concluded that people are the main threat to the security of a business. Being more security-aware will significantly help mitigate potential threats and risks to your organization.
Who is security awareness for?
Everyone! It's everyone's responsibility to be security-aware. No matter your role at your company, you could be a potential target for cybercriminals; especially given your access and knowledge inside your organization.
Nowadays, remote working is common in many organizations, and many will spend most of their time working on their personal computers, which increases the risk of being a primary target for cyber security attacks.
Hackers use a variety of tools and methods to gain access to staff computers and corporate networks. Security breaches can cost a company millions of dollars; based on an online report, the average cost of a data breach was a massive $3.86 million. As well as the huge cost to handle a cyberattack, it also damages the reputation and trust of customers and partners.
Security awareness training is a must-have skill to counter efforts by attackers and reduce risks within the business. A few of the benefits are below:
- Help prevent data breaches
- Minimize and reduce risks and threats
- Improve IT defenses
- Improves customer confidence
Based on Proofpoint's study, the following diagrams show the effectiveness of security awareness training:
- 95% reduction in malware and viruses and a greater awareness of cybersecurity threats in a financial institution.
- 90% reduction in attempted phishing attacks in an educational institution.
- 80% reduction in fraud attacks on government employees.

Everyone holds sensitive data, whether it be personal information, customer data, financial reports, or company details, obtaining data (or holding it to ransom) is a cybercriminal's main objective.
The following diagram illustrates the top 10 data breaches by some of the large companies in history, the number of people who were affected and the type of data that was leaked.

How many people were affected by eBay being hacked?

The impact of cyber threats increased significantly during the pandemic, primarily due to the increase in home working. The following points are potential consequences of a successful cyberattack:
- Legal penalties (lawsuits and GDPR)
- Reputational damage
- Disruption to trading
- Financial loss
- Loss of Sensitive Data
Criminals can use the information found in data breaches of companies to perform targeted social engineer attacks or phishing campaigns (more on this in future security awareness rooms). Have I Been Pwned is a service that keeps track of data breaches leaked information, giving you the ability to find out if you've been a victim of a previous data breach. Search your email or phone number, and it will reveal if your personal information has ever been leaked.


The motivation of threat actors may vary and can be categorized into different groups:
- Nation-state cyber threat actors are geopolitically motivated.
- Cybercriminals are financially motivated.
- Hacktivists are ideologically motivated.
- Terrorist groups are motivated by ideological violence.
- Thrill-seekers are motivated by satisfaction.
- Insider threat actors are motivated by discontent.
Who would most likely be interested in exploiting a personal computer for fun?
Who would most likely be interested in exploiting a website to deliver a message?
This room introduced you to the basics of security awareness concepts and knowledge that can help you stay safe online. We discussed the importance of security awareness and why it's essential that you play your part in helping to prevent cyber attacks.
In the next room, we will be reviewing some of the common attacks that cyber threat actors can use to gain access to sensitive data, computers, or networks using practical scenarios and exercises.
Complete this task and join the common attacks room.
Created by
Room Type
Free Room. Anyone can deploy virtual machines in the room (without being subscribed)!
Users in Room
46,086
Created
1302 days ago
Ready to learn Cyber Security? Create your free account today!
TryHackMe provides free online cyber security training to secure jobs & upskill through a fun, interactive learning environment.
Already have an account? Log in