New statistics from Kaspersky point to over half of UK organisations not having a cybersecurity policy and as many as two-thirds of cybersecurity leaders admitting that their organisations are complacent about protecting customer data.
TechRound, and writer Daniel Tannenbaum, interviewed Kaspersky’s Principal Security Researcher, David Emm, to find out more about the cyber security company’s latest insights. The recent study finds 47% of UK company’s have experienced a cyber breach of some description in the last two years, but regular risk assessments are not so regular, at just once per year. Emm says:
“We seem to hear about a data breach every day and any successful breach has debilitating effects on an organisation including damage to reputation, loss of customers and huge financial implications.”
These breaches are reportedly costing an average of £3 million per incident.
– Watch our free taster sketch “Phishing Emails in Real life” from our hilarious Sketches security awareness training series
Despite the findings Emm doesn’t appear convinced that regulation is the answer for UK firms, he says:
“The risk with adding more regulation is that it could become a box-ticking exercise and give a false sense of security, when actually every company is different and there is no one size that fits all in cybersecurity.”
The lead researcher believes that “guidelines and frameworks can be very useful.” He says the UK government’s Cyber Essentials Scheme has had a positive effect because of its framework of recommendations. In regard to data protection, he adds:
“Similarly, with GDPR, it has forced companies to think about the data they hold, the way that they collect it and the need to secure it.”
Emm also points to the issue of supply chain risk and that associated with third party vendors, as well as potentially at the risks of acquiring a business that could be technologically less mature. He says:
“When you have new partners in your business, you also need to ask, ‘well are you taking security seriously?”
Of course, the expert’s favourite line for us here at The Defence Works, where we advocate security awareness training, is:
“So, it’s about education.”
Before we tell you are little more about the benefits of security awareness training, Emm covers the lack of risk assessments within organisations in a little more detail. He says:
“Ideally you want to give staff training on data and cybersecurity – but the challenge is that executives have busy schedules and strict budgets and they find it much easier to buy a solution from Kaspersky or other vendors than invest in years of training. Products are tangible and that resonates well with large organisations who feel impelled to act.”
Adding, there is a case for “having staff on board who understand the risks; and whether it is sophisticated crime or opportunistic crime, the message needs to be reinforced about things like the danger of clicking on links and also what happens when you take your phone and laptop away with you and the potential risks that can manifest.”
Kaspersky also found that just 41% of businesses believe their organisation has “robust endpoint security.” The cybersecurity giant recommends that as well as six monthly cybersecurity assessments and investment in endpoint security solutions that fight the latest cyberthreats, that companies should:
“Organise frequent cybersecurity training for IT staff, so they are aware of the organisation’s policy and solutions.”
The benefits of cyber security awareness and training
Here at The Defence Works we believe that employees should be aware of an organisation’s policy and solutions towards cybersecurity threats. And, that security awareness should be an ingrained part of daily work lives. After all it’s human error and action, and phishing attacks arriving to individuals email addresses that result in many data breaches and successful cyber-attacks.
Security awareness training can make employees aware of common scams and of the threat and appearance of phishing emails, quite simply making them less likely to fall for such tricks.
And of course, as individuals become less vulnerable and more aware, using better passwords and avoiding obvious threats, a company’s vulnerability falls substantially. There is less financial risk and risk to reputation, both of which can completely decimate a company to the point that it fails, quickly.
Security awareness has clear benefits for compliance, to GDPR for example, as employees learn the many different ways data breaches occur, they can more pro-actively ensure GDPR compliance.
Trained employees are happier. Rather than being fearful of cyber attackers and petrified of being responsible for a data breach, with security awareness training employees can be confident in their knowledge and skills. Employees that understand how threats can occur are empowered to watch for them and to deal with such threats effectively.
Interested in learning more about how security awareness training can help your organisation? Sign up for a free demo of the world’s most interactive security awareness training.
Subscribe to the Proofpoint Blog