
Security Education Vital Against Cyber Attacks

03 March 2016
 

IT decision makers in the UK view malware as the main security threat to their organisation, but there is growing concern about phishing and ‘spear phishing’, according to a report, the Data Security and Risk Management Review, sponsored by managed service provider Advanced 365.

The report includes a survey which highlights the top 10 threats facing organisations. While human actions (malicious or accidental) remain a major vulnerability, malicious software (malware) ranked above them as the number one threat. Meanwhile, phishing and spear phishing appear to be the fastest growing risks, with 65% of the 300 respondents identifying them as a threat they think is increasing in severity or frequency.

In addition, spamming appeared in fourth place, above distributed denial of service (DDoS) attacks and social engineering, the tactic of manipulating people into giving up confidential information such as passwords and bank details. These types of attack are also becoming more sophisticated: phishing e-mails that appear to come from a trusted source are increasingly difficult to identify.

As a result of these escalating threats, raising awareness and knowledge of security issues among employees is increasingly important. The review considers the so-called ‘security knowledge gap’ between security professionals and other staff and also the information disparity between them and the criminals they are trying to stop. With threats evolving at such a fast pace, there are concerns that many businesses are playing catch-up with hackers.

When asked what the most important tool is for increasing knowledge and awareness of threats, exactly half of respondents suggested awareness-raising programmes. This was followed by formal training (39%), threat intelligence (36%) and industry/peer information (35%). The report states ‘it is clear that IT decision makers recognise the need for greater security training and education’. Respondents also agreed that training should be carried out at regular intervals.

“As threats such as malware and phishing become more targeted and sophisticated, it is reassuring that IT professionals recognise the importance of frequently educating staff and raising awareness of security issues as well as ensuring that their own skills keep up with those of the cyber-criminals,” stated Neil Cross, MD, Advanced 365. “It is equally vital for employees to be aware of what is at stake from a security perspective, both for them and the business, and why continuous awareness training is necessary to minimise potential vulnerabilities.”

Picture: A report from Advanced 365 sees malware as the main security threat but increasing concern about phishing and spear phishing

 

Article written by Mike Gannon | Published 03 March 2016
