CompTIA study: Employees’ bad cybersecurity habits still a major threat to US organizations
A new study by CompTIA on cybersecurity habits in the workplace shows that careless employee behaviors around technology are the biggest threats to information security in organizations.
“Though employees are largely aware of the risks of poor cybersecurity habits, many don’t apply that knowledge.”
CompTIA’s new study of U.S. workers’ security behavior, Cyber Secure: A Look at Employee Cybersecurity Habits in the Workplace, reports that security training still lags significantly in both implementation and effectiveness. Most alarming is that 45% of employees nationwide still receive no training.
Graphic source and copyright: CompTIA, Cyber Secure: A Look at Employee Cybersecurity Habits in the Workplace
CompTIA also used a social engineering tactic to observe worker behavior in a real-world situation. Hundreds of USB thumb drives were scattered across public spaces in several U.S. cities. Of the people who picked up one of the drives, 17% plugged the USB device into their computer and emailed the address or clicked the link displayed. Frighteningly, some of that 17% worked in the security office of a large multinational (they of all people should have known better).
“Being aware of IT best practices isn’t enough; cybersecurity is reflected in the many technology decisions employees make daily, whether it’s changing logins regularly, avoiding predictable passwords or dodging phishing attempts.”
Whether companies want to admit it or not, insiders (employees) continue to be the biggest information security threat that organizations face. Lack of training, or insufficient training, can no longer be tolerated. The complexity of the technology is such that relying solely upon automated means of protecting your environment will not work.
Access the full study at CompTIA.
Guest post by Paul L. Kendall, Senior Consultant, Advisory Services at Accudata Systems, Inc.
This post was republished from his original post on LinkedIn Pulse.
Accudata Systems is an IT consulting and integration firm with 33 years of experience providing high-impact infrastructure services and integrated solutions.