Enterprise mobile environments have increasingly expanded the remit of responsibility for security teams to manage. To add fuel to the fire, the shift to remote working this year has added many layers of complexity for these teams, seemingly overnight.
The big concern is that security and risk threats are no longer limited to company networks and policies, but in the hands of employees and the precautions they take to prevent cyberattacks in their own environments. This is worrying given how distracted some are when working outside of the office, making them more susceptible.
And the cybercriminals are all too aware. A recent Censuswide study commissioned by Barracuda found that 36% of Australian organizations reported at least one data breach or cyber security incident since shifting to remote working, with 45% reporting that employees had experienced an increase in email phishing attacks. Alarmingly, 39% said their employees aren’t properly trained in the cyber risks associated with remote working.
It’s time to take a more proactive approach to cybersecurity training, transforming employees from a security liability into a line of defense. This means equipping them with the right tools, knowledge and behaviors to help them effectively manage security threats they might be exposed to.
More needs to be done to change perceptions
The good news is that Australian organisations are taking notice, with 64% of decision makers keen to rollout effective security training and awareness for their employees, according to a new report. However, only a third (34%) intend to do so in the next 12 months.
While this is a positive step forward, there’s still a lot of potential to increase access to security training. This is demonstrated in the lack of readiness of employees and their awareness of the right security practices, according to Forrester. Only 30% agree that they receive security training in the workplace, while 27% say they know what to do if a security breach occurs.
Forrester warns that initiatives to build a culture of security awareness often fail to catch employee attention. In fact, 40% of knowledge workers tend to ignore their company’s security policies as they don’t see the value and would rather focus on building their efficiency in work tasks.
Security training needs a holistic focus for effective impact, which requires investment in initiatives for this to work.
Focus on the human firewall
The best defense against cyber threats is to make users aware of the threats and techniques used by cybercriminals. The best approach is to implement a simulation and training program to improve security awareness.
Training isn’t just nice to have, it’s a top priority because targeted attacks have become so nefarious and effective. Train your employees to recognise malicious emails from multiple sources and test them the way an attacker would. Show them the latest attack techniques, how to recognise the subtle clues and help stop email fraud, data loss and brand damage.
You may be thinking this sounds easier said than done, but by embedding learning into your everyday business processes, along with customised simulations that test and reinforce good behaviour, it will soon become second nature.
There are better ways to train employees than traditional classroom-style education, however. Focus on activities that are relevant to an employee’s department and role, unscheduled simulations of typical attacks, training modules that can be done at the employee’s convenience and rewards for taking the right actions.
By customising training, you can make it far more engaging and relevant to your users.
Read the full Forrester spotlight here: https://www.barracuda.com/apac-forrester
Mark Lukie is a Director of Solution Architects for Asia Pacific and Japan at Barracuda Networks. He has more than 20 years of IT industry experience with deep skills in networking, cybersecurity, backup/disaster recovery, public cloud platforms and systems integration.
Mark has been with Barracuda for more than eleven years and has extensive knowledge on the company’s entire solution portfolio, which include email protection, network and application security, application delivery and data protection solutions. He is a member of the Barracuda Global Cloud Security Team, which focuses on security solutions for public cloud platforms such as Microsoft Azure, Amazon Web Services and Google Cloud Platform.