There appears to be a disconnect between organizations' recognized threat risks and organizations' actions to mitigate those risks. While 66 percent of organizations say employees are the weakest link in cybersecurity defenses and 60 percent say employees are not knowledgeable about security risks, just 35 percent believe it is a priority for employees to be knowledgeable about those risks, according to a recent survey from Ponemon Institute.
The survey collected responses from more than 600 individuals at companies that have a data protection and privacy program. Here are five key findings from the survey.
1. Fifty-five percent of respondents identified a security incident or data breach due to employee negligence or a malicious attack by an employee.
2. The No. 1 security concern among respondents is employees inadvertently exposing sensitive or confidential information.
3. The types of employee behaviors respondents most fear include unleashing malware from an insecure website or mobile device (70 percent), violating access rights like using someone else's login credentials (60 percent), using an unapproved mobile device in the workplace (55 percent), accessing company applications from an insecure public network (49 percent) and succumbing to a phishing attack (47 percent), among others. (Respondents were permitted to select more than one choice.)
4. When asked why it is difficult to reduce the risk of data breaches due to negligent or malicious employees, 70 percent of respondents said they lack in-house expertise, and 55 percent of respondents said they lack leadership or ownership of the issue. Additionally, half of respondents said organizational silos stand in the way of reducing data breach risk, and 47 percent said their budget is too small. (Respondents were permitted to select more than one choice.)
5. Fewer than half of respondents (49 percent) said senior management believes a strong security posture is part of the corporate culture.