In-depth

Is your enterprise a security thicko?

Security training needs to be much more targeted if it is to be successful, argues Davey Winder.

Recent research by Ernst and Young found that some 96 per cent of the 1,900 folk questioned felt unprepared when it comes to a potential cyber attack.

As you might expect given, an accountancy firm conducted the research, money was the main driver, but right behind it just three percentage points down,  a lack of skilled staff was being blamed for preventing good security.

What I found interesting was that the report also seemed to confirm that awareness of security issues had increased (with 70 per cent of those asked agreeing that IT security is being dealt with at a high level within the organisation, and a further 43 per cent saying that IT security budgets have risen). This made me wonder, whether that awareness of security issues is being directed at the right people and if the budgets should perhaps include a bigger proportion spent on education and training rather than concentrating mainly on defensive systems and software.

Nobody wants to be the class thicko, but with 32 per cent of respondents to that survey placing awareness and training last on their list of priorities (it finished second to last overall with threat and vulnerability management, surprisingly,  bottom of the priority pops) is there a danger that this is exactly what might be happening?

Could do better

Few people would argue that a lack of proper security awareness training within the enterprise increases the risk of successful attack, or take issue with the flipside of that statement that improving education and training of staff when it comes to IT security helps mitigate that risk.

So could the average enterprise do better? Let's look at some statistics, such as the online survey of UK office workers conducted independently by YouGov for Proofpoint. This showed 43 per cent of workers have received training on data and privacy protection but a staggering 37 per cent have not received any training at all. This last number is interesting in that it tends to crop up rather a lot, such as when Outpost24 perform social engineering tests. CSO Martin Jarteilus told me that they typically manage to hit between 20 per cent and 35 per cent of the staff targeted. A figure that increases to as much as 50 per cent when they include LinkedIn or Facebook in the attack toolbox.

"We have reached a level where 10 per cent of the users have provided usernames and passwords to a phishing website created for the security test," Jarteilus says.

He added that in a recent study targeting a government agency in Sweden "our testers could walk into not only the finance departments but also into a locked down office where external visitors were not allowed, all by smiling and being nice."

So when David Robinson, CSO and director of information security at Fujitsu in the UK and Ireland, insists that enterprises could do much better when it comes to training ans awareness, it really comes as no surprise at all.

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Recommended

Six ways boards can step up support for cyber security
Business strategy

Six ways boards can step up support for cyber security

22 Jul 2021

Most Popular

UK gov considers blocking Nvidia's takeover of Arm
Acquisition

UK gov considers blocking Nvidia's takeover of Arm

4 Aug 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Tesla Megapack goes up in flames at Australian battery site
Hardware

Tesla Megapack goes up in flames at Australian battery site

30 Jul 2021