
65% of leaders say that security awareness training is not a top priority

Published 19 October 2020
Source: Security Magazine


nVisium released the findings of its recent research, which explores the current state of cybersecurity awareness and security training initiatives within today’s remote workforce. The research reveals that only 35% of respondents classify security awareness training as a ‘top priority’ while working remotely, and nearly half say that their DevOps teams are not experts in understanding how to protect at-home wireless networks.

Approximately 250 responses were analyzed, and the results revealed that many organizations do not fully comprehend the critical need for implementing continuous security training initiatives, particularly at a time when corporate network attack surfaces are increasing and being exposed to millions of new endpoints. As remote working continues in prominence, IT teams must also have the skills and ability to implement the appropriate security measures to support it. However, nVisium’s research reveals that only 18% of respondents deliver company-wide standard monthly reports on the latest security breaches and exploits, while a startling 40% say that their organization’s developers are not experts in cybersecurity.

Steve Durbin, managing director of the Information Security Forum, notes, “The best security policies are under constant review and take into account ongoing feedback. Archaic policies are quickly retired. Success lies in explaining how a policy can benefit both the enterprise and the individual. Awareness programs that fail to do this are destined to end badly. In this age of hybrid working, employers need to re-assess security risks at the personal access level and keep the following areas under constant review:

  • Mobile devices
  • Internet-connected devices
  • Cloud access and storage
  • Third-party providers”

Durbin adds, “By helping staff understand how vulnerabilities can lead to poor decision making and errors, organizations can better manage security risks. To make this happen, a fresh approach to information security is required which goes far beyond simple policies. A human-centred approach to security can help organizations to significantly reduce the influence of cognitive biases that cause errors. By discovering the cognitive biases, behavioral triggers and attack techniques that are most common, tailored psychological training can be introduced into an organization’s security awareness campaigns. Technology, controls and data can be calibrated to account for human behavior, while enhancement of the working environment can reduce stress and pressure.”

Some other key findings from nVisium’s research include:

  • Nearly 60% of respondents say that their organization’s cybersecurity training investment costs have either decreased or stayed the same since the start of remote working.
  • Fewer than 30% of respondents say that integrating security tools and processes throughout the DevOps pipeline is a top priority.