Maintaining IT security is getting harder -- and it's your fault
Keeping systems secure is more difficult than it was a year ago and this is partly down to human error. So says a new study by security awareness company KnowBe4.
The rise of ransomware, the adoption of BYOD, and rapid changes in technology all make it harder for enterprises to guard against threats both inside and outside the organization.
The study, carried out among IT managers, finds that 51 percent of respondents are finding security harder to maintain now than a year ago, while 40 percent find it's about the same. Less than 10 percent say they are finding it easier.
Many of the risks come from human error. BYOD in particular is more difficult for IT managers to monitor and secure. User smartphones, tablets and laptops can create potential for undetected entry to a corporate network. "The human factor is a leading source of security threats for today’s IT Manager," says Stu Sjouwerman, CEO and Founder of KnowBe4. He advises, "To maintain security, every company should adopt the 'defense-in-depth' strategy and create a strong first layer that includes up-to-date security policies, procedures and security awareness training as this affects every aspect of an organization's security profile".
In the government sector, insider threats are seen as nearly as great a problem as external ones. In the survey 53 percent of defense IT pros named careless and untrained insiders as their top security threat. KnowBe4's study shows 60 percent of IT Managers are looking to Security Awareness Training to help solve security issues in addition to using it to support compliance.
Sjouwerman stresses how important it is to educate employees to recognize potential network security threats: "Cybercriminals are constantly devising cunning new ways to trick users into clicking their phishing links or opening infected attachments."
KnowBe4 offers a free test for companies to see what percentage of their employees are susceptible to phishing attacks.