It’s clear most companies have some type of cybersecurity training; however, it’s not exactly meeting the standard when it comes to teaching employees the dangers of careless online behavior…
In a recent study conducted by Experian, although companies invest millions of dollars annually in cybersecurity training for employees, employees’ efforts to maintain a strong security approach appear to fall short. In fact, 66% of individuals surveyed confirmed that employees are the weakest link in the company’s security posture. In turn, 55% of those surveyed mentioned their organization had experienced a security breach or issue due to a careless employee. More than half of the respondents are convinced employees are not properly trained or knowledgeable about the risks at hand.
So, what are company security training programs lacking? It appears the majority of companies have a single security training course available (and fewer than half require the training); however, important topics are often overlooked, leaving employees more vulnerable to making mistakes that lead to a security issue. According to those surveyed by Experian, the critical security areas that are often ignored include phishing and social engineering attacks, mobile device security, and securing cloud services.
In addition, organizational culture often influences the insider risk that comes from a lack of security knowledge. The study found that senior management often makes security training and privacy a lesser priority. Of those surveyed, only 35% believe senior management within their company makes it a priority that employees are trained and taught how security risks affect them and the company. Astonishingly enough, less than half felt a strong security approach was enforced as part of the company culture.
In conclusion, with the growing threat of malware, specifically ransomware, this year alone, it is apparent that stronger security along with continued training is needed at home and in the workplace. Effective measures and focus are required to fight the continued battle against malware. With continued education on privacy and data protection, security breaches and hacks would decrease within the workplace.