Some Employees Think They Can Dodge Cyber Security

Uploaded on 2020-06-23 in JOBS-Training, JOBS-Careers, FREE TO VIEW

The number of cyber attacks is estimated has risen by 67% over the last five years, with the majority of these data breaches being traced to human error. CIOs are under more pressure than ever before when it comes to cybersecurity concerns, especially now that many or even all of the staff in their organisation are working from home, perhaps using unfamiliar software and hardware as they try to do their jobs under lockdown

The potential risks of such attacks are vast and can have a serious impact on both organisations and individuals, but protecting against cyber security threats can be extremely complicated. Not only is the technology we use every day getting more complex, but attackers are constantly finding new ways to bypass security measures.

Mimecast has released a study titled Don't Just Educate: Create Cybersafe Behaviour. The survey shows that while customer data breaches and reputational damage around the world is encouraging businesses to re-examine their security practices, employee cyber behaviour still needs to change.

The survey, conducted by Forrester Consulting, found that while 59% of security and IT managers think they are 'ticking the security compliance box', their employees report a huge disconnect. More than half of the 240 employees surveyed in APAC (53%) disagree with that statement, and 51% believe their managers do not stress the importance of good security practices.

The survey was conducted across Australia, Hong Kong, New Zealand and Singapore between January and February 2020 and involved 120 senior IT and business decision makers responsible for cyber safety at companies with more than 100 employees. Respondents represented 20 industry sectors including government, healthcare, legal, marketing, energy, telecoms, transport and logistics. 

The survey included a wide range of questions around Security Awareness and Training (SA&T) Programs in APAC, including security measure and implementation, employee behaviour changes, security culture and overall effectiveness in delivering effective training programs. Results of the employer survey were measured against feedback from 240 knowledge workers within these companies, who regularly use email and digital channels in the workplace.

Across the region the study also found that attending training activities does not necessarily translate to a change in behaviour for employees, with a third of SA&T attendees still admitting to flouting security policies, increasing to more than 50% for respondents in New Zealand.

"While security leaders in APAC believe they've made security a social norm by leading and encouraging others, this survey underscores that employees are not retaining, understanding or implementing key areas of cyber security training - and the existing outdated modes of training are simply not bringing about behavioural change," said Nick Lennon, of Mimecast.  

Additional findings from the Forrester Consulting study include:

  • Traditional SA&T is long and unengaging, uses outdated content types, and does not rely on behavioural science to achieve its objectives of behaviour and culture change.
  • As a result, employees' behaviours are not changing, which further contributes to a disconnect between employers' perceptions and how their employees really feel about security.
  • APAC firms must advance SA&T programs by exploring alternative content types, providing different methods of delivery based on employee preferences, and extending training outside the workplace.

Business leaders and employees need to understand and value the importance of cyber security best practice within their organisation. They simply cannot ignore the consequences or circumvent the protocols,” Nick Lennon said

Efforts to combat this within organisations often involves providing members of employees with relevant training sessions. But such training can quickly become obsolete, or simply forgotten. Workers also tend to be busy. When people are trying to complete other tasks, they might not remember to stay secure, particularly when doing so makes their job more difficult or time consuming. 

Mimecast:      MarketWatch:      Yahoo:      ZDNet:  

You Might Also Read: 

Take Action On Cyber Security Training:


Business need cyber security training and we at Cyber Security Intelligence recommend GoCyber training for all employees and management please contact Cyber Security Intelligence for a free trial.
 

For more information and a Cyber Audit about your organisation’s cyber risks and about security risks in your industry please contact Cyber Security Intelligence for a very economic strategic cyber assessment. 

« Is AI A Benefit Or A Potential Threat?
Using AI In Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Global Forum on Cyber Expertise (GFCE)

Global Forum on Cyber Expertise (GFCE)

GFCE is a global platform for countries, international organizations and private companies to exchange best practices and expertise on cyber capacity building.

Capula

Capula

Capula is a leading system integration specialist for control, automation and operational IT systems across all applications and industry sectors.

ITRecycla

ITRecycla

ITRecycla are specialists in the protection of sensitive computer data by data destruction, re-marketing of reusable computer equipment, computer recycling and disposing of electronic e-waste.

Liongard

Liongard

Liongard automates the management and protection of modern IT environments at scale for IT MSPs - Managed Service Providers and Enterprise IT Operations.

spriteCloud

spriteCloud

spriteCloud is an independent software testing, test automation and cybersecurity services provider.

SOC Experts

SOC Experts

SOC Experts is a pioneer (we started SOC training well before people realized how big the domain was going to be) and the only institution to provide end-to-end training on Security Operations Centers

Neosecure

Neosecure

NeoSecure is a specialist Cybersecurity Solutions and Managed Services provider in Latin America.

Cybersecurity Center for Secure Evolvable Energy Delivery Systems (SEEDS)

Cybersecurity Center for Secure Evolvable Energy Delivery Systems (SEEDS)

SEEDS conducts research and develops innovative cybersecurity technologies, tools, and methodologies that advance the energy sector’s ability to survive cyber incidents.

Cisco Networking Academy

Cisco Networking Academy

Cisco Networking Academy is the world's largest classroom, bringing technology education, 21st-century skills, and improved jobs prospects since 1997.

FCI

FCI

FCI is a NIST-Based Managed Security Service Provider (MSSP) offering Cybersecurity Compliance Enablement Technologies & Services to Financial Services organizations.

Northdoor

Northdoor

Northdoor provides a comprehensive set of services around information security and works with leading global technology vendors to deploy and manage cyber security solutions.

Silent Push

Silent Push

Silent Push maps all internet-facing infrastructure with searchable, advanced attributes, generating early indicators of potential threats that are tailored to your environment.

APCERT

APCERT

APCERT cooperates with CERTs and CSIRTs to ensure internet security in the Asia Pacific region, based around genuine information sharing, trust and cooperation.

Silverse

Silverse

At Silverse, we specialize in building a comprehensive cybersecurity journey, anchored by our extensive experience, industry expertise, and an ecosystem of trusted partners.

Oxylabs

Oxylabs

Oxylabs is the largest datacenter proxy pool in the market, with over 2 million proxies. Designed for high-traffic, fast web data gathering while ensuring superior performance.

Black Duck Software

Black Duck Software

Black Duck (formerly the Synopsys Software Integrity Group) is the market leader in application security testing (AST).