Infosec Cloud contacted key customers in the UK in late 2015 and early 2016 for an in-depth review of their current IT security posture, key concerns and planned areas for investment in 2016.
Worryingly, the survey found that only 39% of IT professionals were confident that their organisation’s end users were security aware. In addition, only 22% thought that end users would contact IT if they noticed anything suspicious.
Improving end user security awareness certainly seems to be on the agenda of organisations in 2016, with employees viewed as the ‘weakest link’.
Understanding the tactics of cybercriminals and sharing this information across the organisation will help employees, from the CEO down, to stay alert to the risks every day. This should include being vigilant when asked to click on email links and when sharing personal and corporate information on social networking sites (including accepting connection invites), and remembering to update information only on legitimate websites, not via email links.
Infosec Cloud recommends that organisations adopt a layered approach to cyber security which combines technology and employee security training. The most effective training is delivered in the workplace at the employee’s desk and incorporates simulated test phishing emails. Employees who are shown to be vulnerable to these attacks are given additional, focused training.
The survey was undertaken during Q4 2015 and Q1 2016 and comprised one-to-one phone interviews with IT security decision makers in UK-based organisations across all sectors, ranging in size from 50 to over 1,000 employees.