Cyberattacks have been getting plenty of attention, especially in recent years with major companies and institutions like Delta, Yahoo, and the DNC having their names added to the list of victims. It’s easy to turn the focus to the threat outside of your building, as it should be.
But just as you’re responsible for protecting your home with proper security measures (like locking the front door, closing the windows, etc.), your management team and employees should take part in the right measures to prevent cyberattacks from occurring. According to a recent study, that’s where significant problems can be traced. When it comes to data breaches, the main culprit involved is human error rather than technological issues.
The Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG) recently released a report that included a survey of 437 information security experts and ISSA members. More than half of the experts surveyed said their companies had experienced at least one security incident.
The findings concluded that many cybersecurity risks were the result of a lack of employee training, insufficient numbers of cybersecurity experts, and low boardroom prioritization.
More specifically, 31 percent said that their cybersecurity team was not large enough, about 25 percent said that employee training was inadequate to prevent cyberattacks, and 21 percent said that executive management did not make cybersecurity a high priority.
An ESG executive said the findings constitute an existential threat. “How can we expect cybersecurity professionals to mitigate risk and stay ahead of cyber threats when they are understaffed, underskilled, and burned-out?” said Jon Oltsik, senior principal analyst for ESG.
In addition to beefing up employee training, it’s important to keep these cybersecurity measures in mind, as outlined by the cyber risk consultant group TSC Advantage:
- Regularly check for gaps by performing penetration tests, vulnerability scans and security assessments.
- Be ready by having a business continuity plan in place in the event of a cyberattack.
- Prioritize your critical assets, and take extra measures to secure them.