What’s giving you a Headache?
CyberEdge just published the results of their survey of more than 750 IT security practitioners, and the upshot of their conclusions is consistent with other reports covering the same territory:
- Technology is falling short, and
- Much more needs to be done on the security awareness front
The 2014 Cyberthreat Defense Report highlights malware and phishing as the two greatest causes of IT security professionals’ headaches. In fact, the report finds that security professionals are far more concerned with the behaviors of people inside of the organization than they are with cyber-criminals on the other side of the firewall. “Low security awareness among employees,” it finds, “is the greatest inhibitor to adequately defending against cyberthreats.”
The ill-advised user actions include all the usual suspects: the opening of suspicious email attachments, using USB memory sticks from untrusted sources, visiting questionable websites, creating weak passwords, not to mention a growing susceptibility to phishing.
While the lack of competent security awareness tops the list of concerns, what’s equally noteworthy is the problem occupying the 2nd position: “lack of budget.” Indeed, technology solutions are expensive. But also making the list is the observed “lack of effective solutions in the market,” which is actually typical of a technology-based orientation to information security. After all that, here’s where we end up: we have a lack of budget to spend on nonexistent solutions that don’t fix the fundamental people problems.
No wonder these people have headaches!
Now here’s the good news: all three of these “lackings” are easily addressed with a proper security awareness training program—and here are three reasons why: 1) it absolutely solves the awareness problem, 2) is easy on the budget, and 3) it more than compensates for the inadequacies of the technical solutions. It really is that easy—and effective.
So here again is yet another in-depth industry report that finds the human endpoint to be the one of greatest concern—and the single greatest source of IT headaches. Maybe it’s time to take an aspirin—in the form of an endpoint protection plan that is also the most cost-effective: security awareness training.
We hope you’ll take a bit of time to peruse the many posts and content assets here, as they’ll help you see just how far such a simple remedy can take you in your efforts to secure your organization. Need help sorting it out? Give us a shout.