- Cybersecurity awareness experts say their organization’s current security posture would be weaker if the existing IT security budget focused solely on technical solutions
- 100% claim training staff in IT security has a positive effect on the company’s error culture
- 96% agree that cybersecurity awareness contributes to a higher overall security level
- Organizations must prioritize workforce behavior in relation to data and machines as a pillar of their next-generation IT strategies
Devoting a chunk of the IT budget to cybersecurity training goes a long way towards minimizing risks to employees' IT security. Cybersecurity awareness experts agree, unanimously and strongly, that these measures influence a company's security posture, according to a new study.
The vast majority of participants in Lucy Security’s study said their organization’s current security posture would be weaker if the existing IT security budget focused solely on technical solutions.
Specifically, “92 percent of the survey participants denied that the same level of IT security could be maintained in the company if the existing funds and resources were invested exclusively in technical security measures,” according to the report.
100% claim these measures have a positive effect on their company’s error culture. Unsurprisingly, 96% agree that cybersecurity awareness contributes to a higher overall security level.
The ‘human firewall’
According to the same survey, 81 percent of the companies carry out phishing simulations. But not all of them fully exploit employees’ potential to enable what researchers call a “human firewall.”
“It is noteworthy, however, that only slightly more than half of the companies already include their employees in their security arrangements,” the report says. “For example, only 51 percent of the companies use a phishing alarm button. 49 percent do not use this function and thus do not exploit the full potential of their staff. The so-called ‘human firewall’ is not activated.”
With 43% of global employees not sure what a phishing attack is, employee training is indeed key to minimizing risks to IT security.
A Bitdefender survey of more than 6,000 infosec professionals in large organizations across the US, EMEA and APAC conducted in 2019 showed that companies that emphasize cybersecurity training are better at detecting attacks quickly and more efficient at isolating them.
In last year's survey, around a third of IT professionals said they emphasized training and leveraged network traffic analytics towards defending the organization against advanced threats. However, according to Bitdefender's more recent study, one in three IT professionals say remote employees feel more relaxed toward security issues because of their surroundings. And 33% said staff working remotely don’t stick to protocol, especially in identifying and flagging suspicious activity.
These findings are echoed in several research reports released by the infosec community this year, especially a MobileIron report saying that 33% of workers consider IT security a low priority. A research paper published by DTEX Systems found even more evidence that it’s hard to persuade remote employees to stick to protocol, noting a 450% increase in employees circumventing security controls to hide online activities.
Security solutions that embody human risk analytics enable IT administrators to act with surgical precision, tweak the right security controls when and where needed, and deploy training for staff with a poor grasp of IT security. As work-from-anywhere quickly becomes the norm, organizations must integrate endpoint protection, risk management, and user behavior analytics for a more holistic approach to cybersecurity.