Who do you call when you face a cyber threat?
While companies continue to advocate cybersecurity best practices to their employees to deal with any cyber threat, there is still one problem that a lot of companies are facing. In fact, this problem can be said to happen to everyone and affect almost everyone in the organization.
And this problem is all about reporting cybersecurity issues. For example, when an employee notices something wrong with their systems or accidentally clicks on a phishing link, who do they report these incidents to?
Do they report it to their supervisors, who in turn report it to human resources, who then pass the message to the IT team? Or do they contact IT support directly, only to be told to go through HR and make a proper report before the problem can be solved?
Believe it or not, this is the reality most companies continue to face when it comes to dealing with data breaches, ransomware, and other cybersecurity issues. The number of steps an employee goes through to report a data breach makes the entire process time-consuming. What’s more concerning is that many organizations do not even have a policy in place to report a data breach.
Gartner states that 48% of board directors rank cyber risk as a top enterprise risk. But how many board directors actually know what to do if they get involved with a cyber threat? Do they contact their secretary or go straight to the IT department? Or are they even aware they have been compromised?
In fact, according to a report by KnowBe4, without training, 21% of the untrained global workforce did not know who to go to when faced with a threat.
The minutes that lapse between an employee seeing a potential security threat and the right person in an organization receiving the information can make the difference between warding off or leaving the door open to an intrusion. This makes ensuring employees know when to report a threat, and who to report to, a vital security step for organizations of all sizes.
In the study, annual security training reduced that percentage to 17%. But it is repetition that creates the most significant change: the overall improvement in knowing who to go to doubled among those who completed monthly versus annual training.
The report includes an assessment of training frequencies across industries, with education, technology and healthcare, and pharmaceuticals coming in lowest on monthly training. Meanwhile, hospitality and transportation are leading at 28% and 20% respectively.
Across industries, the report shows that increasing the frequency at which employees complete security awareness training has an almost universal positive influence. Without the benefits obtained by frequent training, employees are left to decipher security instructions on their own, lacking proper guidance and ultimately putting the organization at higher risk for mishandling a security incident.
For KnowBe4 CEO Stu Sjouwerman, “Monthly training brings about an improved understanding of the terminology and knowledge about why the procedures are in place, as well as the correct channels for communication of threats. As the data demonstrates, ensuring that this vital information is communicated regularly is a necessary step in securing an organization of any size and contributes to creating a stronger security culture.”
As such, businesses need to not only ensure cybersecurity best practices are implemented but also make sure their employees know how to deal with any cyber threat, be it ransomware or phishing emails, if they accidentally fall for it.