Are your employees weakening your cybersecurity program?

While many organizations are focusing on emerging technologies to tackle cybersecurity problems, it may be more worthwhile to first focus on your employees.
6 June 2018


For businesses wanting to bump up their cybersecurity to fight against external threats, focusing on your own team may seem a little counterintuitive.

However, it seems that your employees may actually be the weak link in your cybersecurity processes, according to a recent global study by Dimensional Research.

The research, which was commissioned by Barracuda Networks, focuses on the current experiences that businesses have with employee behavior and the associated email security risks.

The study includes the responses of over 630 IT professionals from around the globe. The study concluded the following:

Employee behavior is the main security concern

The main conclusion from the study was that effective email security is not just a product of good tools put in place by the organization. Rather, the greater cause of concern lies with the poor behavior of employees.

Poor employee behavior refers to things such as carelessness, use of personal emails, and disregarding policies.

According to the report, 84 percent of respondents said employee behavior was the top concern, compared to 16 percent who blamed inadequate tools for security attacks.

No real consensus on the level of employee that will fall for an attack

The report found that, when it comes to victims of an attack, criminals do not necessarily target a particular level of employee.

When asked “What level of employee are you most concerned about falling for an email security attack?”, 46 percent of respondents said individual contributors, 39 percent said executives and 15 percent said team managers.


It seems that email phishing attacks are purely a numbers game. The more emails sent out by the attacker, the more likely someone from the organization is to fall for it.

While executives may be viewed as a likely target due to the more valuable information they hold, the easier target for attackers is the frontline staff, as demonstrated by the higher percentage.

Why? The fact is, frontline staff are not always aware of the risks and impacts related to poor security practice.

Lack of education and training for employees

While many of the IT respondents believe that new tools such as artificial intelligence can help identify and stop cyber attacks in real time, 100 percent of respondents believe that training and awareness programmes are vital to improve email security.

Despite all respondents believing training is crucial in the fight against phishing attacks, not everyone is actually practicing it.

Of respondents, only 77 percent are training their employees. Larger organizations were found to be more likely to train employees compared to smaller businesses, though this isn’t surprising considering larger enterprises are often earlier adopters of new business technologies and trends.

The findings from the study show a clear cause for concern relating to employee security training. While emerging technologies such as AI can help in detecting and protecting against email attacks, the human element still plays a vital part.

So it may be time to ask yourself: are your employees equipped with the knowledge to defend against email phishing attacks?