The financial sector’s top cybersecurity priority is staff awareness, according to a survey by the Financial Services Information Sharing and Analysis Center.
The survey, which polled more than 100 chief information security officers (CISOs), found that the biggest concerns were:
- Employee training (35%)
- Network defense and infrastructure upgrades (25%)
- Breach prevention (17%)
- Consumer protection (9%)
- Securing the Cloud and/or Internet of Things (9%)
- Penetration testing (3%)
- Meeting regulations (2%)
Addressing cybersecurity across your organization
The survey also found that board members are taking a greater interest in organizations’ cybersecurity practices, with 53% of CISOs saying they provide quarterly reports to the board. Another 8% said they provide reports more than four times a year, with some doing so monthly.
However, only 8% of respondents said they reported directly to the CEO. They are much more likely to report to the chief information officer (39%), chief risk officer (14%), or chief operating officer (13%).
The report urges CISOs to prioritize employee training regardless of their reporting structure, as employees are organizations’ first line of defense and their biggest vulnerability.
“Employee training should include awareness about downloading and executing unknown applications on company assets, and in accordance with corporate policies and relevant regulations, and training employees on how to report suspicious emails and attachments,” the report says.
Knowing where to begin with employee training can be tough, which is why IT Governance provides an Information Security Staff Awareness E-learning Course.
This course can be deployed across your organization to help anyone involved in information security understand how to stay secure. It aims to reduce the likelihood of human error by familiarizing employees with security policies and procedures, covering topics such as password security, creating backups, information security incidents, and business continuity.