Cybersecurity, by all accounts, is the single most significant threat facing businesses for the next decade. Cybercriminals located in untouchable locations outside the US spare no effort in stealing data from everywhere they see an opportunity. B2B and B2C entities are equally at risk, carrying the responsibility of identity protection and safeguarding corporate assets.
Hackers’ tactics are daring, ingenious, unrelenting, and cunning. They pose a threat unimagined just a few years ago. A single penetration of cloud storage or a network can instantly wipe out a stellar brand reputation built over many years. Ransomware and malicious viruses can create damage that attacks revenues, customer lists, and sensitive intelligence. The costs of downtime, fines, IT resurrection, and credibility loss can deal a crippling blow from which there’s often no recovery.
It’s evident that an IT department cannot counteract the challenges unaided. It takes a total staff complement to conquer such a volatile situation, which means every person within an organization doing their part. But how many people are taking the matter as seriously as they should? That’s the million-dollar question.
How cybersecurity-centric are your employees?
We’d hope the answer was “all of them,” right? However, according to ThycoticCentrify, a company that commissioned the independent market research specialist Sapio Research to poll 8,000 workers worldwide, the reality is shocking. The survey asked respondents whether they had taken any cybersecurity risks over the past year, and discovered:
- Close to 79% of respondents took at least one cybersecurity risk.
- Over 35% ignored company protocols by saving passwords in their browsers.
- 32% relied on one password for multiple site access.
- Just short of 25% had no compunction in using a personal device to connect with the company’s network.
- Many clicked on unknown links and shared information, even though they knew it was risky.
- 98% admitted they knew the above actions were against the company security policy.
- 79% of respondents stated they witnessed a spike in fraudulent and phishing messages.
- An astounding 51% believed that IT departments have sole cybersecurity responsibility.
- Nonetheless, despite all the transgressions, observations, and missteps, only 16% of respondents felt their employer was exposed to cybersecurity attacks.
The survey signifies that “what we believe is happening” and “what employees are doing in practice” are firmly at odds. Moreover, ignorance of the rules and regulations is not a valid excuse. So, what’s going on here?
Redoubling company efforts is no longer optional
Employers must intensify training opportunities and apply penalties for actions outside the set protocols. It’s an ongoing mission that leaders cannot afford to lose sight of for even a moment. Unfortunately, it never rains but it pours, and the adverse cybersecurity circumstances that already existed pre-pandemic have accelerated substantially under the remote working transition. With employees moving to home offices, IT controls are in crisis mode, with every company facing mounting challenges. A few of the many examples:
- People working from home and taking company devices out of corporate premises.
- Staff working from coffee shops (and similar locations), using public Wi-Fi with leaky protections.
- Trying to establish enterprise-centric cybersecurity in home offices with the cooperation of technologically challenged employees.
- In 2020/21, only 44% of the survey respondents benefited from cybersecurity training.
So, what happened to the other 56%? In short, they were left to their own devices, with no IT pros around to discuss pressing issues. Evidence indicates that the SMB sector’s stats are in even more dire straits: staff training is far more neglected there than in the composite average.
In summary: Remote or hybrid working has thrown a bowling ball into the midst of the already shaky cyber protection skittles, creating considerable risks and potential hacker-led disruption. The takeaway is that no matter where people are working, cybersecurity training is a must. Furthermore, the researchers project that trained people are far more likely to rate cyber risk as high than people whose education is limited or discontinuous.
Key findings from the survey as they relate to the United States
In that same cybersecurity poll, US respondents delivered some startling revelations:
- 86% said their employers are under some cyber risk.
- Despite that, close to half admitted the company bypassed them for upgraded training in the last twelve months.
- Just north of 25% allowed family members to use corporate computers. Still, they don’t foresee any cyber dangers from these actions.
- Nearly 40% had no problem going to a Starbucks-type location, despite public Wi-Fi being as porous as a sponge.
- Less than 15% of the workers believed role-based restrictions were essential to access data.
Key findings from the survey as they relate to business size
The survey also indicated that the scale of operation aligned closely with the cybersecurity training one received. Small and mid-sized business (SMB) employees are the most neglected.
- Over the past year, companies of ten or fewer employees covered less than 20% of the staff complement.
- Entities with eleven to fifty employees fared better at 32% but were still dismally undertrained.
- SMB level of education (even when provided) fell short of teaching multi-factor authentication (MFA) or Virtual Private Networks (VPNs)—routinely embraced in larger company programs.
Given that there are 31.7 million small businesses nationwide, the implications are somewhat frightening. Cybercriminals aware of these stats and widespread lack of vigilance can have a field day. It’s not much better in entities employing more than 5,000 employees, where less than 50% of employees are provided with “reminder” or new training.
The bottom line
Anyone reading through this survey and applying a reasonable degree of common sense will conclude that the cybersecurity risk is higher than ever. It’s waiting in the wings to impact every business—particularly the SMB sector. Unfortunately, employees are slow to learn and often indifferent to risks. As a result, most companies and their employees still haven’t fully recognized the seismic implications of the shift to remote working and the cybersecurity weaknesses that come with it.
Moreover, business leaders are overwhelmed by the pace of change, unable to apply the measures necessary to protect company data and intellectual assets from malicious intent. It’s time for leaders who are aware of the severe risks to introduce drastic measures and head off the cybercriminals and hackers that pose a significant risk. Unless they do, brand fragility will remain a prevalent problem. And as a result, there’ll be no end to the asset protection discussion for years to come.
How prepared are your employees to help protect your cyber security? Contact us to learn more about how Sogolytics can help to assess your employees’ cyber defenses and strengthen both your practices and your employee experience.