Employees form biggest cybersecurity risk

A new study suggests that organisations need to improve cybersecurity education and training provided to employees.
August 24, 2018

With exponential technological advancement comes increased risk. Cyber hacks are more prevalent than ever – here in Southeast Asia, Singapore’s own SingHealth was the recent target of a cyber hack that compromised 1.5 million digital patient files.

On a global scale, giants of industry such as Merck, Maersk, and FedEx were just a few victims of what has been described as “the most devastating cyberattack” in history. As WIRED reports, Merck reportedly lost S$1.2 billion due to the “NotPetya” attack, which happened in June last year and worked by targeting a loophole in a piece of accounting software.

Operations at Maersk, meanwhile, ground completely to a halt, and employees were forced to resort to personal Gmail and WhatsApp accounts to try and keep things going. When computers and laptops were returned to them, they were completely wiped clean of any documents or information.

Both the SingHealth and NotPetya attacks came from the outside through various backdoors.

But for organisations contemplating the nuances of cybersecurity in the modern age, it might be important to note that employees themselves might pose a considerable cyber risk.

A recent study about cybersecurity at work, conducted by Finn Partners Research, surveyed 500 office workers in the US, and found that almost half have clicked on links or opened attachments from unfamiliar senders.

This, despite the potential for such actions to result in the installation of malware on their devices, or the harvesting of sensitive corporate data.

Further, only 29% said they receive “cyber hygiene” training on a monthly basis from their IT team. Cyber hygiene refers to the updating of operating systems on devices, checking for security patches, and changing passwords.

Almost two out of five (17%) said they receive this training twice a year, while 23% go through it only once a year.

“While 31 percent of respondents have already been a victim of a breach or attack, the behaviour patterns to elicit security breaches remain,” said Jodi Brooks, managing partner and tech practice lead at Finn Partners.

She adds that it is time for companies to ramp up security vulnerability training. “It is no longer sufficient for organisations to roll out annual security trainings on the latest vulnerabilities.”

Check out more details about the study in the infographic below, along with some tips on addressing this particular security risk.