Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security //

Training

8/8/2018
09:35 AM
Larry Loeb
Larry Loeb
Larry Loeb
50%
50%

Employees Remain the Weak Link in Your Company's Cybersecurity Plans

Another report, this time from Finn Partners Research, shows that employees remain the weakest link in the cybersecurity chain.

Who's the biggest threat to your enterprise's security? It might be the guy or gal sitting right next to you.

Your fellow employees are, unsurprisingly, the deadliest cybersecurity risk that organizations face today. That's the finding of a new study released by Finn Partners Research, "Cybersecurity at Work." The report is based on questions sent to 500 full-time office employees across the US.

The survey was completed in June, and the respondents held full-time positions in an office environment that had more than 100 employees.

For example, the study found that nearly two in five workers admitted to clicking on a link or opening an attachment from a sender they did not recognize. (See Email-Based Attacks Still Wreaking Havoc on Enterprises, Study Finds.)

Additionally, more than half of employees -- 55% -- are using their personal devices for work, thanks to the BYOD effect. This means an increased vulnerability to hackers, malware and data breaches because of the unsupervised environment of the devices. (See ISF: Balance Is Key to Mobile Security.)

(Source: iStock)\r\n
(Source: iStock)\r\n

Further illustrating poor practices, only 26% of the surveyed employees changed their login credentials and passwords for personal and work applications at least once a month.

Jeff Seedman, a senior partner at Finn Partners, noted in a statement:

The fastest and easiest way for bad actors to gain access to sensitive organizational data is for employees to click on nefarious links -- we know that around 40 percent of our workforce is engaging in such behavior. While 31 percent of respondents have already been a victim of a breach or attack, the behavior patterns to elicit security breaches remain.

However, training by the IT and security departments to counter these behaviors is limited.

In the survey, about 25% of respondents reported that they receive "cyber hygiene" training on a monthly basis from their IT team. This includes the updating of operating systems on devices, checking for security patches, as well as changing passwords.

Another 29% report that they had quarterly training in this area, while 19% receive bi-annual training and 23% receive annual training.

Still, 93% of the respondents believe that their company takes adequate cybersecurity measures to protect their personal and corporate data. Amazingly, 94% of those surveyed believe they are doing their part in helping to keep their company's data secure.


Zero in on the most attractive 5G NR deployment strategies, and take a look ahead to later technology developments and service innovations. Join us for the Deployment Strategies for 5G NR breakfast workshop in LA at MWCA on September 12. Register now to learn from and network with industry experts – communications service providers get in free!

Of course, what specifics "their part" is up to the interpretation of who is evaluating it.

The report also asked respondents if they were dissatisfied with their jobs, would they take the company's corporate security less seriously. Of those surveyed, 79% said no, 16% said yes, and 4% said they didn't know.

Employees also considered themselves at risk from a corporate cybersecurity standpoint. Specially, 37% expressed that their biggest worry from a breach would be that their device would get a virus, as opposed to only 19% who worried most about leaking corporate data or the 19% that thought such a breach would cost the company a lot of money.

This report shows that employees need to be aggressively counseled about cybersecurity. Left to their own impulses they can indulge in unsafe behaviors, perhaps abetted by the BYOD phenomenon.

Related posts:

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-40099
PUBLISHED: 2021-09-24
An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution.
CVE-2021-40100
PUBLISHED: 2021-09-24
An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text.
CVE-2021-40102
PUBLISHED: 2021-09-24
An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic method).
CVE-2021-41586
PUBLISHED: 2021-09-24
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.
CVE-2021-41587
PUBLISHED: 2021-09-24
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources.