Companies have come a long way in their ability to ward off internal and external cyber-security threats. However, as the pace of technology innovation speeds up, the threat that companies face also increases in complexity. Guarding devices and online data is an ongoing (and always fluctuating) effort.
Poor Cyber Security Awareness
Over the last decade, cyber security evolved from a niche concept monitored primarily by governments and corporate IT managers into a mainstream issue commanding above-the-fold headlines and consumer attention.
The 2016 American elections were rife with stories of insecure servers, poor online security measures and overwhelming cyber security breaches, which may have derailed a candidate’s campaign. As expected, the average American and others around the world decried the use of a private server by a high-ranking government official.
Statistics from the Identity Theft Resource Center put the number of tracked data breaches in the US at 1,093, which led to an estimated $1 billion loss.
The 2020 IBM Cost of a Data Breach Report estimates an average of $3.86M per country in costs, with an average of 280 days before a breach was identified and contained.
This leads us to the question: who on earth is responsible?
In order to provide an answer to this question, CompTIA conducted an online survey of 1,200 full-time employees in the US about their use of technology, cyber security awareness, and security consciousness level.
The survey unearthed some mind-boggling statistics:
- 63% of employees use their work mobile device for personal activities
- 94% of employees connect their laptop/mobile to public Wi-Fi networks
- 49% of employees have at least 10 logins, but only 34% have at least 10 unique logins
- 45% of employees receive no cybersecurity training from their employers.
These statistics answer the responsibility question to a high degree. They clearly show that employers and their employees are culpable to a high degree for data breaches that occur within the system.
Employee use of storage infrastructure is also a source of concern.
The ‘Stuxnet’ attack on Iran was uncovered in 2010. The attack, which rendered the centrifuges in Iran’s nuclear program defective, was caused by malware already installed on the USB sticks Iran purchased. Due to a lack of training and only a basic understanding of cyber threats, 17% of the program’s employees either clicked the contaminated link or in some cases even sent mail to the address provided on the disc. This utter lack of cyber security awareness was not limited to Iran, as enterprises in the United States were also victims of Stuxnet.
Despite this growing visibility, most employees still demonstrate a lower level of cyber security understanding and behaviour, with regard to protecting both their devices and their personal information. The above case studies should serve as an eye-opener to employers worldwide on the importance of in-depth cyber-security training.
Integrating a Security Consciousness in Corporate Culture
Generally, employees are more likely to associate cyber security threats with identity theft while overlooking threats from malware and other phishing attacks. With anti-virus software, firewall protection, and other IT protocols installed, employees may feel that anything they do online is safe, or that if something were to happen, the technology would protect them. Not all breaches or identity theft incidents make the headlines, which may also lead some to underestimate their own vulnerability.
Therefore, the first step to combating security breaches is educating the workforce. This includes training of employees by IT professionals on the basics, such as mitigating risk and securing both personal and work-related data.
Cyber threats are here to stay, and with each passing year they become more varied and more sophisticated. Therefore, it is recommended that enterprises continuously update security measures as well as develop a cyber security-aware culture.
Royal IT provide Cyber Security Services; you can read more here.