Thursday, July 18 2024

A report on the challenges to a “cyber smart culture” within organizations reveals that conventional cybersecurity training methods are ineffective in building a strong cyber culture, as they lack creativity and often fail to engage employees.

Fujitsu surveyed 331 senior executives occupying various roles at organizations in 14 countries working in five broad industry groups: financial services, retail, manufacturing, energy, and central/federal government.

Researchers note that in an age of remote working, “cyber secure behaviors need to become second nature to people across the workforce spectrum.” However, they found that 54% of senior executives admit that in the past year, they have been unable to adjust their security policies to fit with changes in the threat landscape resulting from the pandemic.

Additionally, 45% of those surveyed believe that most people in their organization think that cybersecurity has nothing to do with them. With organizations increasingly exposed to vulnerabilities, employees must understand cybersecurity as not just a responsibility of CISOs, but also a responsibility of their own, notes Fujitsu. This misconception is exacerbated by ineffective cybersecurity training—61% of senior executives say that cybersecurity training is ineffective, and 2% even claim that training tailored to specific roles has never been done.

Technical and non-technical employees have been shown to have different views on the effectiveness of online training. When assessing the effectiveness of digital security training, 64% of technical respondents, i.e., those who work in teams dealing with IT, believe it to be effective, while only 45% of non-technical respondents do so. Only 29% of non-technical respondents view security training as effective even when it is tailored to their role and needs, while 43% of technical respondents do so.

Fujitsu found that the content of the training is important in ensuring the effectiveness of training. 69% of non-technical respondents say that training is most effective when it involves creative activities such as games and quizzes, but just 26% of non-technical workers find current training schemes to be interesting—35% say that they are boring, the same proportion claim that they are too technical, and 32% say that they are too long.

With the threat landscape evolving over the course of the pandemic, researchers suggest not only to take on new training approaches, but also to foster cybersecurity-related dialogue between senior executives and employees about cybersecurity practices in personal settings, which could prompt shifts in behavior in the work context.

Previous

Cybersecurity M&A and Funding Update: June 11

Next

US and EU Launch Trade and Technology Council

Check Also

Widget

Don’t Miss

Sevco Security Platform Product Review

Ellie Buscemi

What is the Sevco Security Platform? The Sevco Security Platform is a cyber asset attack service management (CAASM) product that focuses on aggregating and correlating data from across a company’s cybersecurity infrastructure to give cybersecurity professionals a better sense of what the company’s infrastructure looks like as a whole. The platform’s sources include a company’s […]

Cyber Deals: Huntress, Cyberhaven, and SpyCloud

CISOstack

Cybersecurity Surge: Top Funding Rounds and Strategic Acquisitions Fuel Growth in AI, Cloud Security, and Threat Prevention Solutions

Fidelis Elevate: A Deep Dive

Ellie Buscemi

What is Fidelis Elevate? Fidelis Elevate is an open extended detection and response (open XDR) solution focusing on network protection, endpoint security, and cyber attacker deception. The platform aims to protect various elements of a company’s infrastructure, such as devices and servers while tracking suspicious behavior and preventing access to cyber criminals. What features does […]

Partially closed laptop screen

Best Extended Detection and Response (XDR) Solutions

Lara Oporto

What is Extended Detection and Response and how does it work? Extended Detection and Response (XDR) is a cybersecurity system that gathers information from different places like computers, networks and emails. Unlike other security tools that focus on one area like computers or networks, XDR looks at everything together. The comprehensive approach helps to find […]

Close up of computer chip

Best Managed Detection and Response (MDR) Solutions

Lara Oporto

What is Managed Detection and Response? Managed Detection and Response (MDR) is a cybersecurity service that provides continuous monitoring, threat detection and incident response capabilities. MDR achieves these capabilities through the deployment of advanced technologies such as machine learning and behavioral analytics as well as analysis from security professionals. MDR is a cybersecurity service that […]

Best Hyperconverged Infrastructure Software

Ellie Buscemi

What is Hyperconverged Infrastructure and how does it work? Hyperconverged infrastructure (HCI) is a software that provides computing, storage and network operations for a company from a single point on a company’s hardware. Originally, computing, storage and network operations were divided in a company’s hardware infrastructure and potentially provided by separate vendors with different management […]