Phishing. Social Engineering. Cyber attacks aimed at specific corporations. These are some of the concerns stated by many of the IT security professionals surveyed at the Black Hat USA 2017 conference, and they are no doubt concerns of any manager involved in making certain his or her company is compliant. The Black Hat survey offers an eye-opening look into the cyber threats facing businesses today. Of the 580 IT security professionals surveyed, about 66 percent worked for large corporations with more than 1000 employees. The survey allowed the IT security professionals to select their top three answers, so the data would be more meaningful.
Security Foremost in the Minds of Black Hat Attendees
As might be expected, most IT professionals who attended this conference were concerned about their company’s security. More than two-thirds (67 percent) of those surveyed stated that within the next 12 months they would have to deal with a serious breach in security. Almost two-thirds (60 percent) were concerned that there would be a cyber attack on a critical US infrastructure. These attendees also felt that they were short-staffed to handle the crisis when it happened. A majority of professionals (71 percent) stated they didn’t have enough staff to adequately combat such a cyber attack, and 61 percent felt that they could use more training to combat these threats effectively.
When asked what consumed most of their time, 35 percent of the respondents said that counteracting phishing, social engineering, and exploitation of social media took up most of their day. Indeed, these attacks are the biggest concern of half the attendees, showing how serious a problem they are. This problem is widespread and could affect your company.
What’s Responsible for Breaches in Security?
It’s not surprising that IT security professionals are concerned about phishing and social network exploitation leading to breaches in security, but the surprising side is what, or rather who, is actually to blame. Nearly one-fifth of the security professionals at Black Hat said that they spent most of their time compensating for accidental data leaks by users who did not follow security procedures. This was also a major concern of 21 percent of the IT professionals who answered the survey.
About one-third of the IT security professionals spent most of their time working on keeping their company compliant with regulatory and industry security guidelines. Even so, more than a quarter (26 percent) were constantly working on fixing breaches made by their own application programmers, and more than one-fifth (21 percent) spent most of their time fixing mistakes made by someone in the company or external attacks that caused their company to become non-compliant.
Clearly, breaches in security are a serious problem and are often caused by employees who do not fully understand the procedures or do not recognize the seriousness of their actions. Although more employees are taking IT security seriously, 58 percent of respondents did not believe non-security employees fully understood the security issues IT faces. In fact, 13 percent of IT professionals said that their users were “completely clueless.” Not a confidence builder if you’re the manager who must ensure your company is compliant with regulatory and industry security guidelines.
Your Employees Are Your Greatest Danger — and Greatest Asset
Your employees are the lifeblood of your company, but they are also your biggest security risk. Uneducated, your employees could accidentally cause security breaches that could cost your company thousands, or even millions of dollars. You can mitigate those risks through training. When each employee learns the dangers to the company and learns the correct security procedures, he or she becomes part of your “human firewall.” Your employees can stop security risks before they even occur by understanding and following your company’s security procedures.
At Global Learning Systems, we offer courses tailored to enhance security awareness and thwart security breaches.
What Can You Do?
While many organizations invest in protection technologies, technology can’t be successful without security awareness training for employees.