Poor data security training leads to more vulnerabilities
Poor data security training leads to more vulnerabilities.
Today's business world is highly digital, requiring companies to use online resources more often than ever before if they want to remain efficient and competitive with rival organizations. While using next-generation web tools can enhance employee productivity, failing to implement the proper security tools can ultimately jeopardize an enterprise's sensitive information.
This is especially true in regard to email, which lets virtually anyone send and receive messages. A new study by PhishMe revealed the dangers of improperly using email, as approximately 69 percent of survey respondents said they regularly encounter spear phishing messages, despite having anti-spam software.
Spear phishing is an online attack in which malicious individuals send a seemingly innocuous message to a user that contains some ulterior malign motive. These attacks are becoming increasingly frequent today, as more enterprises embrace BYOD (bring your own device) programs that let individuals use personal electronics to access corporate resources.
"Many enterprises believe that because they are using spam filtering tools or other email security technologies, they are safe from phishing attacks," PhishMe product management and services vice president Scott Greaux said. "What we found in our survey is that despite such filters, end users are presented with live, malicious attacks in their inboxes nearly every day."
Cyber landscape is becoming more malevolent
The survey, which polled 250 security professionals during the recent Black Hat conference in Las Vegas, revealed that approximately 27 percent of respondents said at least one of their senior-level executives has been compromised by a spear phishing attack within the last 12 months. An additional 31 percent said they were unsure if their data security capabilities had been jeopardized.
Despite the awareness of these web threats, roughly 49 percent of respondents said employees are only trained in regard to securing sensitive solutions once a year. Conversely, about 9 percent said they have no data protection training programs at all.
"This survey demonstrates with great clarity that phishing attacks – particularly targeted attacks – are getting through to end users with alarming regularity, yet most organizations don't train their users on what the most current attacks look like or how to react to them," PhishMe CTO and co-founder Aaron Higbee said.
This was echoed in another survey by Guidance Software, which revealed that approximately 64 percent of U.K. employees do not receive any training material relating to how they can enhance data loss prevention by avoiding malware and other malicious resources. Another 23 percent of survey respondents said they didn't think the protection of confidential records in their office was a problem, IDG News Service reported.
"A large proportion of workers clearly believe they play an important role in protecting against malware attacks and keeping data secure and half understand the risks associated with devices," Guidance Software's Frank Coggrave said, according to IDG News Service. "But the majority are not being adequately trained."
Higbee asserted that enterprises need to be more assertive and proactive in their data security practices if they want to keep sensitive solutions and information secure. Decision-makers need to ensure they implement a regular and realistic training regimen for employees, as taking a passive stance will only put a company more at risk.
The need to keep sensitive solutions out of harm's way is becoming even more important today during the evolution of mobile solutions and cloud computing, as these technologies allow individuals to access mission-critical resources from virtually anywhere in the world. By educating employees how to safely access confidential records, businesses may be able to keep sensitive information safe, despite the ever-growing presence of web threats.
Data Security News from SimplySecurity.com by Trend Micro
Spotlight
Cloud Computing
- US makes large investment in cyber weaponry
- Wall Street has data security concerns over Bloomberg reporting
- Security in backups means more than just encryption
- Employees must buy into the company policy for better cloud security
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- Cloud security group develops third-party certification program
- US makes large investment in cyber weaponry
- SEC may ask for more information after cyberattacks
- FBI trying to train financial execs on cyber threats
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
No comments yet