New research from DataSolutions, an Irish IT solutions provider, has revealed that a majority (60%) of senior IT decision makers consider human error to be the greatest threat facing Irish businesses and organisations at the moment. This is consistent with results of similar surveys in other countries such as the US or UK, as cyber criminals evolve to target end-users and take advantage of improperly-trained staff instead of trying to bypass or hack complex technical security measures. The survey also revealed that 93% of respondents claim that they have a formal cyber security and defense strategy in place to help navigate today’s online threat environment, particularly in a post-GDPR world.
Cyber criminals are becoming increasingly smart and how they target organisations, targeting un-training staff instead of complex technological security measures
Despite most companies claiming to have defenses in place, however, 63% of respondents still stated that they didn’t feel they were sufficiently prepared to face a cyber attack and would need to allocate further spending to improve their IT and security infrastructure.
DataSolutions security specialist David Keating said that Irish companies have been failing to address the element of human error by neglecting to provide security awareness training for staff, and that this could account for why so many security teams feel they are not completely prepared.
“An increased focus on training could help equip companies for the biggest perceived security threats,” he said. “From carelessness and error to phishing attacks, most of the leading security threats are heavily influenced by people and so employee cybersecurity training is a no-brainer for business leaders who are serious about cyber protection.”
Keating also praised companies who have so far taken the initiative to focus spending on their cyber security in the wake of the ever-changing threat landscape, saying that companies need to ensure their strategy is evolving – as cyber criminals are definitely updating their attack strategies.
“It is really encouraging to see companies investing more in their cybersecurity strategy. This is needed in an ever-evolving and increasingly sophisticated threat environment. Of those surveyed, 70% recognise the highly complex nature of modern cyber threats as the leading reason why security teams are not fully prepared to face today’s challenges.”
“Irish businesses are starting to take a more mature approach to security and accept that it is very likely they will be hit by an emerging threat. Hackers are always going to be one step ahead, so it is essential that companies have the right defence technology in place.”
However, Keating also warned that spending must be allocated smartly or could end up being ineffective, as an organisation’s cyber security strategy is only as secure as its weakest link – which is often the element of human error.
“Simply throwing more money at cybersecurity is not the answer to these new challenges. Organisations must adopt a strategic and targeted approach to effectively combat threats. Investing in current cybersecurity technology is a logical step for many, although one in five IT professionals admitting to using out-dated technology.”
DataSolutions will host its sixth annual Secure Computing Forum in the Aviva Stadium in Dublin on Thursday, 20th September 2018. It is one of Ireland’s largest cybersecurity events and more than 400 IT and business professionals are expected to attend.
Irish businesses who are concerned that they may be susceptible to phishing attacks can also undertake a phishing security test, to assess how many of their users may compromise their company in the event of a malicious phishing attack – by sending out a round of simulated, non-malicious phishing emails to all staff members and analysing the results.
Once the risk from phishing has been established, the next (crucial) step in addressing human error is to enroll all staff members in mandatory security awareness training, addressing the common threats they may face, how to stay safe when browsing the web at work or at home, and how to correctly identify and deal with sophisticated phishing threats. Speak to our team at Tech Guard today to find out more about how a security awareness training program can form an integral part of your organisation’s cyber security strategy.