Despite the risks, fewer and fewer companies are investing in cybersecurity training.
Only 40% plan to offer this type of training this year, found a survey by IT company NOVIPRO. This is down from 42% in 2020 and 51% in 2019.
While cyber-crime is rampant these days, nearly four in 10 say they don’t receive any cybersecurity training at work, according to a separate survey.
However, 56% of organizations that were targeted by malware have paid the amounts requested by cybercriminals, finds the NOVIPRO survey of 491 respondents in October 2021.
There was a 150% year-over-year ransomware surge in 2020, according to another report.
“I am very concerned that so many organizations are paying a ransom. Companies need to be proactive in preventing cyberattacks, otherwise the impact will be devastating to them and their customers,” says Yves Paquette, co-founder and CEO of NOVIPRO.
“If organizations invested even a fraction of the potential cost of an attack, they could easily put systems in place to guard against such fraud. In the physical world, you’d employ a detachment of guards to protect something with a seven-figure value; however, there still seems to be a disconnect when the ‘something’ is digital.”
Who is to blame?
Companies that are victims of cyberattacks admit that employees are the largest source of cyber threats (53%), either because they are motivated by malicious intent (31%) or they unintentionally trigger an attack by clicking, for example, on a fraudulent link (22%).
This prompts most organizations (76%) to take the time to review their security practices, whether it’s by providing training to employees (32%), developing a telecommuting policy (31%) or investing in software (29%).
Companies are also forecasting less technology investment in the next two years (80%) compared to 2020 (88%). Investment plans in advanced data analytics and artificial intelligence are also declining, falling to 18% in 2021 from 29% in 2020.
Tips to improve
Michael Howard, head of security and analytics practice at HP, provided his top five tips on cyber security. The first is assessing your environment, which is critically important. With people working from home, employers should do security assessments, making sure to assess each and every endpoint, Howard says.
Secondly, employers should work with vendors who provide tools that “start extending that capability and bringing that monitoring and management back into view,” says Howard. The third point concerns education. Every organization should be educating every employee, not with a carrot-and-a-stick approach but by rewarding them for good behaviour and educating them over bad behaviour.
A fourth tip for cyber security is figuring out how to segment networks at home, he says.
“How do you get all those dangerous IoT [internet of things] devices that are sitting in your home segmented away from business devices that you’re bringing into your organization?”
And, finally, organizations should consider buying enterprise-class devices for home that have built-in security and depth for cyber resilience. Too many organizations aren’t pushing the same security controls to out-of-home offices as they do inside their corporate environment.