Some Employees Think They Can Dodge Cyber Security

The number of cyber attacks is estimated has risen by 67% over the last five years, with the majority of these data breaches being traced to human error. CIOs are under more pressure than ever before when it comes to cybersecurity concerns, especially now that many or even all of the staff in their organisation are working from home, perhaps using unfamiliar software and hardware as they try to do their jobs under lockdown

The potential risks of such attacks are vast and can have a serious impact on both organisations and individuals, but protecting against cyber security threats can be extremely complicated. Not only is the technology we use every day getting more complex, but attackers are constantly finding new ways to bypass security measures.

Mimecast has released a study titled Don't Just Educate: Create Cybersafe Behaviour. The survey shows that while customer data breaches and reputational damage around the world is encouraging businesses to re-examine their security practices, employee cyber behaviour still needs to change.

The survey, conducted by Forrester Consulting, found that while 59% of security and IT managers think they are 'ticking the security compliance box', their employees report a huge disconnect. More than half of the 240 employees surveyed in APAC (53%) disagree with that statement, and 51% believe their managers do not stress the importance of good security practices.

The survey was conducted across Australia, Hong Kong, New Zealand and Singapore between January and February 2020 and involved 120 senior IT and business decision makers responsible for cyber safety at companies with more than 100 employees. Respondents represented 20 industry sectors including government, healthcare, legal, marketing, energy, telecoms, transport and logistics. 

The survey included a wide range of questions around Security Awareness and Training (SA&T) Programs in APAC, including security measure and implementation, employee behaviour changes, security culture and overall effectiveness in delivering effective training programs. Results of the employer survey were measured against feedback from 240 knowledge workers within these companies, who regularly use email and digital channels in the workplace.

Across the region the study also found that attending training activities does not necessarily translate to a change in behaviour for employees, with a third of SA&T attendees still admitting to flouting security policies, increasing to more than 50% for respondents in New Zealand.

"While security leaders in APAC believe they've made security a social norm by leading and encouraging others, this survey underscores that employees are not retaining, understanding or implementing key areas of cyber security training - and the existing outdated modes of training are simply not bringing about behavioural change," said Nick Lennon, of Mimecast.  

Additional findings from the Forrester Consulting study include:

  • Traditional SA&T is long and unengaging, uses outdated content types, and does not rely on behavioural science to achieve its objectives of behaviour and culture change.
  • As a result, employees' behaviours are not changing, which further contributes to a disconnect between employers' perceptions and how their employees really feel about security.
  • APAC firms must advance SA&T programs by exploring alternative content types, providing different methods of delivery based on employee preferences, and extending training outside the workplace.

Business leaders and employees need to understand and value the importance of cyber security best practice within their organisation. They simply cannot ignore the consequences or circumvent the protocols,” Nick Lennon said

Efforts to combat this within organisations often involves providing members of employees with relevant training sessions. But such training can quickly become obsolete, or simply forgotten. Workers also tend to be busy. When people are trying to complete other tasks, they might not remember to stay secure, particularly when doing so makes their job more difficult or time consuming. 

Mimecast:      MarketWatch:      Yahoo:      ZDNet:  

You Might Also Read: 

Take Action On Cyber Security Training:


Business need cyber security training and we at Cyber Security Intelligence recommend GoCyber training for all employees and management please contact Cyber Security Intelligence for a free trial.
 

For more information and a Cyber Audit about your organisation’s cyber risks and about security risks in your industry please contact Cyber Security Intelligence for a very economic strategic cyber assessment. 

« Is AI A Benefit Or A Potential Threat?
Using AI In Cyber Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

C3IA Solutions

C3IA Solutions

C3IA Solutions is an NCSC-certified Cyber Consultancy providing assured, tailored advice to keep your information secure and data protected.

EY Advisory

EY Advisory

EY is a multinational professional services firm headquartered in the UK. EY Advisory service areas include Cybersecurity.

IoT Now

IoT Now

IoT Now explores the evolving opportunities and challenges facing CSPs, and we pass on some lessons learned from those who have taken the first steps in next gen IoT services.

SlashNext

SlashNext

The SlashNext Internet Access Protection System (IAPS) provides Zero-Day protection against all internet access threats including Social Engineering & Phishing, Malware, Exploits and Callback Attacks.

CloudMask

CloudMask

CloudMask patent technology provides Dynamic Data Masking (DDM) that masks sensitive data, structured or non-structured, in real-time.

Penacity

Penacity

Penacity, LLC provides strategic consulting technology services and Information Security Services to commercial and government organizations.

Maven Security Consulting

Maven Security Consulting

Maven Security Consulting helps companies secure their information assets and digital infrastructure by providing a wide range of customized consulting and training services.

StateRAMP

StateRAMP

StateRAMP reduces risk from unsecure cloud solutions and protects data by providing State and local governments a standardized approach for verifying and monitoring security postures.

The ATOM Group

The ATOM Group

ATOM builds and secures technology for regulated industries. We design and build for a future we can all trust.

Raxis

Raxis

Raxis is a cybersecurity company that hacks into computer networks and physical structures to perform penetration tests, assessing corporate vulnerability to real-world threats.

Ascent Solutions

Ascent Solutions

Ascent is built to help firms evolve their cybersecurity posture, modernize their Microsoft solutions, and accelerate their journey to the cloud.

Trustmarque

Trustmarque

Trustmarque delivers customer-centric IT solutions that enable better outcomes. We combine the technology, expertise and services to release value at every stage of the IT lifecycle.

ShieldIO

ShieldIO

ShieldIO Real-Time Homomorphic Encryption™ enables your organization to reach regulatory compliance without compromising data availability.

Professional Labs

Professional Labs

Professional Labs specialize in simplifying complex problems for our customers with Cloud Services, Managed Services and Cyber Security.

SEALSQ

SEALSQ

For the last 25 years, SEALSQ have been developing secure semiconductor chips, secure embedded firmware, and tested hardware provisioning services to serve the vision of a safer connected world.

Scope AI

Scope AI

Scope AI is an innovative technology company specializing in quantum security and machine learning.