79% of Employees Have Knowingly Engaged in Risky Online Activities in the Past Year

18/08/2021 15:01 By Bill
Blog courtesy of KnowBe4
Written by Stu Sjouwerman
New data suggest the reason for the risky behaviour: employees don't believe it's important to personally worry about cyber security risks, and they also tend to believe they're not a target.

In most cyberattacks, the employee plays some role – clicking on a malicious attachment, giving up their corporate credentials to an impersonated logon page on the web, or taking specific action because they were fooled into believing their CEO or boss told them to. So, it’s important for employees to not engage in risky online behaviours.
But according to new data from security vendor Thycotic, employees simply aren’t prepared and educated to think about corporate risk, let alone their role in helping to mitigate that risk. In its newly released "Balancing Risk, Productivity and Security" report, Thycotic highlights some specific insights that clearly point to how and why employees are creating risk:
    • 45% see the organisation being at little or no risk of cyberattack
    • 51% say IT should be solely responsible to protect the organisation from cyber threats
    • 79% of employees have engaged in one or more risky activities that include sharing credentials with colleagues, using the same password across multiple sites, using unauthorised personal devices to conduct work, and allowing family members to use their corporate device

One of the reasons is clear from the report’s data: 56% of employees have received no Security Awareness Training in the last year. For over half of employees, the need to be vigilant isn’t being continually reinforced, so it’s no wonder these organisations are seeing employees introduce risk regularly.

If you want vigilant and cyber security-minded employees, you need to continuously teach them about the importance of cyber vigilance. Otherwise, you’re going to end up with an organisation like the one the Thycotic data describes.

Request A Demo: Security Awareness Training

New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one-and-done deal: continuous training and simulated phishing are both needed to mobilise users as your last line of defence. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
