Staff top security risk, but employers won't train them, says survey
- 07 February, 2017 11:45
Only half of Australian businesses are planning to invest in security training for staff, despite 84 per cent believing careless employees are the most likely vector for a cyber attack.
A survey of 49 local businesses commissioned by EY found that employees were deemed the highest concern relating to cybersecurity, ahead of criminal syndicates (63 per cent), hacktivists (57 per cent) and state-sponsored attackers (37 per cent).
However, only 56 per cent of respondents plan to invest in security awareness and training for staff.
“If businesses want to avoid the potentially significant monetary and reputational risks associated with a breach or attack resulting from staff carelessness, they need to invest in proper training – particularly when it comes to the safe use of mobile devices,” said Richard Watson, Ernst & Young Oceania cyber lead.
“While employees currently present the greatest risk to Australian organisations, as the front line of every organisation’s cyber defence, they also present the greatest opportunity to increase a business’s cyber resilience.”
In Australia, 90 per cent of respondents named poor user awareness and behaviour as the main risk associated with increased use of mobile devices at work, compared to 73 per cent of global respondents.
Human conditioning
Speaking to CIO Australia last year, Symantec’s global CSO Tim Fitzgerald said firms too often overlook the “human element”.
“My job is primarily cyber but it’s a space where CSOs and CISOs often overlook the human element,” he said. “We over rotate on the technical part of the job, we forget ultimately it’s people and their ideas that we’re protecting. The one human error is generally more damaging to us than systemic failure and control.”
Protecting the so-called human firewall applies to government too. Last month, Prime Minister Malcolm Turnbull announced that leaders of Australia’s political parties would be invited to a cyber security briefing – which would warn against opening attachments from unknown sources, poor password management and failing to use – by experts from the Australian Signals Directorate.
Turnbull said that the government’s biggest vulnerability to cyber attacks was human error, something he dubbed “warmware”.