Employee cybersecurity training, often described as the best way to protect an against cybersecurity threats, is falling short, a new report from enterprise IT management firm ManageEngine says.
Despite most organizations organizing various cybersecurity training sessions for their employees, they still end up making the same mistakes and placing their organizations at heightened risk.
The company polled more than 300 IT professionals in the UK and found that 67 percent of organizations raised employee awareness around security threats, while 66 percent provided cybersecurity training.
Despite this, 76 percent of all IT purchases are being made without direct approval from IT teams, while less than half (47 percent) adapted their company’s security strategy by introducing new solutions or configuring existing ones. Furthermore, only 42 percent monitor employee devices.
For Sridhar Iyengar, MD at Zoho Europe (parent company to ManageEngine), IT teams need to be more proactive with cybersecurity, by implementing device management solutions that can enable secure corporate access.
According to Chris Windley, Chairman and CEO of the Cyber Security Association, on the other hand, the solution is to emphasize the consultative role of the IT department and its leadership within the organization.
“The level in which IT is embedded within the wider organization still varies depending on the business,” he said.
“This disconnect, in terms of level of authority and lack of sufficient operating budget, is leading IT professionals to become ‘yes/no people’ as opposed to informed consultants to other teams. There needs to be a more collaborative approach in terms of how the IT team works with the business as a whole, and how it enables access to the right tools and software to ensure cyber and data security, and integrity.”
The challenge is only going to grow larger in the next two years, the report further states, as almost all companies (95 percent) plan to keep supporting their remote workforce. Many firms experienced an increase in phishing, account hijacking, social media-based attacks and endpoint network attacks during the pandemic.
Gloss