A recent Dtex System survey of more than 1,000 public and private sector employees with security clearance has revealed that just 13% believe that they are responsible for the security of their devices or information. 48% deflected the responsibility solely to IT departments and senior colleagues, while 39% believe that everyone has a responsibility to protect work devices and data.
- Just 1 in 3 identified that accessing company files on a personal device is a security risk
- 40% recognized that emailing confidential data is a security risk
- 53% said that no matter what proactive measures are enforced, hackers will still gain access. However, 43% were confident that their organization will “probably never” be compromised
- 1 in 3 believed that they were more likely to get struck by lightning than have work data compromised
- 77% of respondents were confident that their organization provides a staff education program that included insider threats but failed to address the term
Jeff Miller, Director of US Public Sector at Dtex, said:
Each government employee has the potential to create a vulnerability with a single decision or action, and when they fail to recognize their role as ‘insiders,’ the risk to the organization increases exponentially as a result. With complete visibility into user behavior, it’s possible to spot the inconsistencies that equate to potential risks, improve employee education by identifying teachable moments and minimize the chances of a catastrophic cyber attack.
The findings demonstrate the inconsistency of security knowledge in the workplace. Finding a common ground and reducing the education gap is key. Everyone needs to be responsible and accountable for their actions and security habits. Negligence and lack of risk perception and identification only heighten the threat of an incident.
With security threats increasing in sophistication and volume, organizations must identify and address any knowledge gaps. Security defenses also need to be maintained, and organizations must acknowledge the need to protect themselves against internal as well as external threats.
To help increase staff awareness, we offer a comprehensive range of e-learning courses. Topics include information security, phishing and ransomware. Even basic training can prevent security incidents.
If you are interested in creating a complete culture change to achieve lasting organization-wide security awareness, consider our Security Awareness Program.