TLDR:
Recent research shows that over 50% of cybersecurity professionals are concerned about security behaviors within their organizations. The top issues identified were clicking on links in emails, sharing corporate data, and sharing usernames and passwords. The study also found that regular and contextual security awareness training is crucial to combat the growing threats. Organizations must measure and track the effectiveness of their training programs to make necessary adjustments. It’s important to create engaging and flexible training materials to boost staff engagement and reduce security incidents.
Fear and Silence: 50% of Employees Hesitant to Report Security Errors
A recent survey conducted by ThinkCyber revealed that over half of cybersecurity professionals are worried about security behaviors within their organizations. The top concerns identified were employees clicking on links in emails, sharing corporate data outside of the business, and sharing usernames and passwords.
The study also found that a quarter of cybersecurity professionals are skeptical that the current security awareness training will change their colleagues' behavior. Additionally, 60% admitted they receive training only once every few months or once a year, which may not be sufficient to combat evolving threats.
Tim Ward, CEO at ThinkCyber, stressed the importance of delivering security awareness training in the moment and contextualizing it for the recipient. This approach enhances comprehension and serves as a proactive nudge towards safe behavior. Ward highlighted the importance of intervening precisely when a risky action is about to be taken to make the lesson more impactful.
Organizations must measure and track the progress of their security awareness programs to determine effectiveness and make necessary adjustments. The survey revealed that almost half of the respondents did not have a way to identify user groups engaging in concerning behaviors, indicating a gap in tracking and measuring program effectiveness.
When it comes to reporting security errors, half of the respondents said they would not feel free from repercussions if they reported a mistake within their organization. This fear and silence around reporting errors can lead to increased vulnerability and outdated security practices within organizations.
To improve security awareness training, experts recommend delivering ongoing training, drip-feeding content in small segments, and measuring engagement levels and progress. Implementing these strategies can help boost staff engagement, reduce data breach incidents, and create a culture of security awareness within organizations.