From big banks to major retailers, data security breaches as a result of online hacking have become nearly commonplace. Online criminals are developing complex viruses at an astonishing rate, and no company, regardless of its size or history, should assume it is safe from a cyber-attack.

The cost of cybercrime across New Zealand is estimated at $250-400 million each year, with the average cost of each reported attack last year totalling just under $13,000. As significant as these costs are, they pale in comparison to what a cyber-attack can cost an organisation in terms of brand, reputation amongst its stakeholders, and customer trust and loyalty. Companies have been aware of these threats for some time but many have yet to take the steps they need to upskill their workforce accordingly and protect their business.

In becoming a more digitally-based workforce we expose ourselves more to cybercrime, but the majority of us fail to fully understand the true threat of cybercriminals and how they carry out their attacks. Essentially, a hacking attack happens when a third party attacks the IT infrastructure of an organisation, with the aim of causing some kind of harm. This can range from accessing and leaking sensitive information, to deliberately taking the company’s essential systems offline. The cybercriminals usually carry out their attack by exploiting a vulnerability in the target’s IT infrastructure.

This is where ethical hackers can make a real difference for businesses. Ethical hacking involves using the techniques of malicious hackers to identify the weak points in an organisation’s cybersecurity. That knowledge can then be used to improve the company’s digital defences. However, ethical hacking doesn’t stop at this kind of penetration testing. With the right skills in place, ethical hackers can advise businesses on all aspects of digital security, and make the organisation much more resistant to attacks. This advice can range from showing programmers and app developers how to make their code harder to hack, to alerting staff members to the dangers of phishing emails.

Having people in place to thwart cybercriminals has become a necessity for many companies. Google even has its own team of dedicated ethical hackers, and rewards people who spot vulnerabilities in its products, as it did with a Russian hacker who spotted a flaw in YouTube. But businesses needn’t have the resources of Google to ensure that their organisation is putting up its best digital defences. The first and most important step is for business leaders to provide their IT staff with the right tools and learning programmes to upskill and stay up-to-date on ethical hacking.

As the concept of ethical hacking has become more widely known, numerous opportunities for upskilling in this area have also emerged. However, it’s not enough to simply send an IT staff member on a day-long course. Hacking—and, therefore, ethical hacking—is a constantly changing area. It is far more effective for learners to have access to online courses where they can continuously refresh their knowledge as new threats emerge. Plus, this on-demand approach much more closely matches how IT professionals want to learn – at their own pace, on any device and in any location.

At the same time, business leaders should also be thinking of how they can leverage the IT department’s knowledge of cyberattacks to train the wider organisation. As PwC revealed in a recent study, the most vulnerable point of access to any company is its employees. Thirty-four percent of compromises in an organisation’s cybersecurity originate from employees themselves.

An informed and engaged IT department can empower staff throughout the entire company to think more seriously about cybersecurity. They can provide employees with insights into how to prevent putting the company at risk, whether it is through a piece of software that hasn’t been updated recently, a weak password, clicking on an unsafe link or using an unauthorised personal device in the office. Not many people would guess that even a simple something as simple as logging onto public wi-fi networks with a company laptop or smartphone can put an entire organisation’s IT infrastructure at risk.

It is an unfortunate reality that cyber-attacks aren’t going away. In fact, they are intensifying as an increasing amount of data and systems are digitised on an organisation’s networks. But companies can combat these threats by arming IT professionals with the tools they need to fight off cyber-attacks, and the opportunity to educate other members of staff in order to most effectively protect the organisation.

ABOUT DYLAN PERSAUD//

Fiona Sweeney is ANZ Director for Pluralsight, a global leader in online learning for professional software developers, IT specialists and creative technologists.