A study published last month has revealed some important data about cybersecurity awareness in companies. According to the study, 31% of UK companies that have experienced a data breach have fired an employee for negligence in relation to the breach. This figure is a clear indication of the important role played by employees when it comes to cybersecurity.
This study comes a little over a month after the GDPR came into force, and shows that the new regulation has helped to increase awareness about personal data stored and shared on endpoints and networks in all kinds of organizations.
The same study also reveals that 88% of large companies in the country believe that employee negligence is the biggest risks in terms of information security. There are many kinds of negligence that can affect a company: for example, a weak password or the loss of a device can lead to data leaks. Something else that can cause serious problems is neglecting security updates for software.
Lack of IT training
However, despite the fact that companies are fully aware of the vital role played by employees in the protection of data, they haven’t carried out an efficient training plan with the aim of avoiding the catastrophic consequences that an incident related to confidential information can mean for the company. And the fact is that a lot of the time, involuntary negligence can be mitigated with adequate training in cybersecurity protocols.
The percentage of large companies that have given their employees training of this type – the dangers of using public WiFi and identifying fraudulent emails, for example – is relatively low. With a total cost to the US economy of 676 million dollars last year, information about tactics such as the use of fraudulent email to compromise not only an endpoint, but the whole corporate network via lateral movements once the action has been carried out, is especially important.
The percentage of small companies that offer this type of training is even lower. This serves to underline the fact that many companies of this size still have a long way to go to get up to speed with cybersecurity.
The results of a basic IT skills test have further highlighted the lack of elementary awareness of IT matters among employees: only 1% of participants got full marks. A worrying trend was the inability to identify file extensions. This could well facilitate the job of those who want to get malware onto computers by attaching malicious .exe files; if an employee doesn’t know the meaning of the file extension, they are more likely to open it, putting the whole company’s cybersecurity at risk.
Nowadays, a strong cybersecurity policy is vital for any company. However, the company may still be at risk if an employee doesn’t follow protocols. And since many employees are unaware of whether their company even has any kind of cybersecurity policy, the likelihood of their breaching this policy is alarmingly high.
Staffing problems
This issue is exacerbated by something that has been emphasized by IT managers: many say that it is getting harder to find professionals with the right cybersecurity skills. This means that many companies’ IT security may be at some risk, not because of a lack of preparation on their part, but because they are unable to fill key positions in the company with qualified workers.
As well as providing employees with adequate training, remember that there are advanced cybersecurity solutions, like Panda Adaptive Defense. A cybersecurity suite managed by specialized PandaLabs technicians that, thanks to its 100% Attestation service, can cover any detection gap, ensuring the trustworthiness of all running processes and allowing you to react in terms of prevention, detection, and response against known and unknown malware. This way, Panda Adaptive Defense allows you to increase the efficiency of the IT department, locating security risks or abuses in the use of corporate infrastructure, so that they can focus on what is really important for the running of your company.