Employees need to be trained better when it comes to cybersecurity. Source: Shutterstock

Employees need to be trained better when it comes to cybersecurity. Source: Shutterstock

“Humans are still the weakest link” finds new cybersecurity study

EMPLOYEES are an organization’s biggest asset — but in a digital world, they’re also often the biggest threat to corporate networks and data.

According to a new study by the Ponemon Institute, employees are still the weakest link when it comes to cybersecurity, and business leaders need to act now if they want to better defend their digital borders.

“Today, the security function is largely centralized and its staff is rarely included when new products, services, and processes—all of which involve some sort of cyber risk—are being developed,” says the report.

Given the siloed approach, the Institute believes, is what creates a lack of accountability across the organization and promotes the notion that security is not everyone’s responsibility.

After all, only 16 percent of CISOs were able to confidently tell the Institute that employees in their organizations are held accountable for cybersecurity today.

Analysts, therefore, recommend that staff must be provided with ongoing training and skill reinforcements (such as phishing tests) in order to ensure they take on more responsibility when it comes to protecting their organization’s data and network.

According to the study, employees need the right tools and incentives to help them define and address risks — consciously.

“New work arrangements—greater use of contractors and remote work—make the need for employee training more urgent. Even so, training employees to think and act with security in mind is the most underfunded activity in cybersecurity budgets.”

The Institute emphasizes that in order to embed cybersecurity into the fabric of the organization and be effective against any insider threats, they need to bring together human resources, learning and development, legal and IT teams, and ensure they work closely with the security office and business units.

The report also points out that as organizations expand their ecosystems to include partners, third parties, and other stakeholders, they need to create more awareness and ensure everyone takes on more accountability when it comes to their actions in cyberspace.

Organizations must work with their ecosystem partners to jointly protect and defend their operations and better defend their digital infrastructure.