Companies have come a long way in their ability to ward off internal and external cyber-security threats. However, as the pace of technology innovation speeds up, the threats that companies face also increase in complexity. Guarding devices and online data is an ongoing (and always fluctuating) effort.
Poor Cyber Security Awareness
Over the last decade, cybersecurity evolved from a niche concept monitored primarily by governments and corporate IT managers into a mainstream issue commanding above-the-fold headlines and consumer attention.
The 2016 elections were rife with stories of insecure servers, poor online security measures and overwhelming cyber security breaches, which may have derailed a candidate’s campaign. As expected, the average American and others around the world decried the use of a private server by a high-ranking government official.
And while many tried to ‘remove the speck in Hillary’s eye’, most working-class individuals forgot about the log in their own eyes. Statistics from the Identity Theft Resource Center put the number of tracked data breaches in the US at 1,093, which led to an estimated $1 billion loss.
Both small-scale businesses and big corporations like Yahoo fell victim to this scourge, thereby magnifying the losses. Final counts by IBM showed that there was a 29% increase in data breaches compared to the numbers of 2013.
This leads us to the question: who on earth is responsible?
In order to provide an answer to this question, CompTIA conducted an online survey of 1,200 full-time employees in the US about their use of technology, cyber security awareness, and security consciousness level.
The survey unearthed some mind-boggling statistics:
- 63% of employees use their work mobile device for personal activities
- 94% of employees connect their laptop/mobile to public Wi-Fi networks
- 49% of employees have at least 10 logins, but only 34% have at least 10 unique logins
- 45% of employees receive no cyber-security training from their employers.
These statistics go a long way towards answering the responsibility question. They clearly show that employers and their employees are culpable to a high degree for data breaches that occur within the system.
Employee use of storage infrastructure is also a source of concern and the 2015.
The ‘Stuxnet’ attack on Iran still remains fresh in our collective memory. The attack, which rendered the centrifuges in Iran’s nuclear program defective, was caused by malware already installed on the USB sticks Iran purchased. Due to a lack of training and only a basic understanding of cyber threats, 17% of the program’s employees either clicked the contaminated link or in some cases even sent mail to the address provided on the disc. This utter lack of cyber security awareness was not limited to Iran, as enterprises in the United States were also victims of Stuxnet.
Despite this growing visibility, most employees still demonstrate a low level of cyber security understanding and behaviour, both with regard to protecting their devices and their personal information. The above case studies should serve as an eye-opener to employers worldwide on the importance of in-depth cyber-security training.
Integrating Security Consciousness into Corporate Culture
Generally, employees are more likely to associate cyber security threats with identity theft while overlooking threats from malware and phishing attacks. With anti-virus software, firewall protection, and other IT protocols installed, employees may feel that anything they do online is safe, or that if something were to happen, the technology would protect them. Not all breaches or identity theft incidents make the headlines, which may also lead some to underestimate their own vulnerability.
Therefore, the first step to combating security breaches is educating the workforce. This includes training of employees by IT professionals on the basics, such as mitigating risk and securing both personal and work-related data. Another important step in fighting security breaches is integrating real-time data analytics infrastructure such as Aerospike to counter or detect fraudulent activities.
Cyber threats are here to stay, and with each passing year the threats become more varied and more sophisticated. Therefore, it is recommended that enterprises continuously update security measures as well as develop a cyber security-aware culture.
Reach Out To Us
Want to know how RoyalIT can help you with cyber security?
Reach out to Royal IT today by dropping us a line or giving us a call.