|Sjouwerman emphasises the importance of educating employees to recognise potential network security threats|
Security is harder to maintain than it was a year ago according to a study done by KnowBe4, a US based security awareness company. Ransomware (CryptoLocker or CryptoDefense), rapid technology advances and adoption of BYOD create a greater challenge for businesses to stay abreast of the numerous internal and external threats that safeguard their systems and networks. According to a March 2014 study by KnowBe4 of IT Managers, fifty one percent of respondents find security harder to maintain now than a year ago while forty percent find it is about the same. Less than ten percent are finding it easier.
“The human factor is a leading source of security threats for today’s IT Manager,” says Stu Sjouwerman, CEO and Founder of KnowBe4. He advises, “To maintain security, every company should adopt the ‘defence-in-depth’ strategy and create a strong first layer that includes up - to-date security policies, procedures and security awareness training as this affects every aspect of an organisation’s security profile.” Opportunities for human error are growing at an alarming rate. The proliferation of BYOD is a threat vector that is more difficult for IT managers to monitor and secure. User smartphones, notebooks and tablets can create a potential for undetected entry points into the network. In the government sector, insider threats were nearly as great as external with fifty three percent of defence IT pros naming careless and untrained insiders as their top security threat. KnowBe4’s study shows sixty percent of IT Managers are looking to Security Awareness Training to help solve security issues in addition to using it to support compliance.
As phishing and social engineering tactics become increasingly complex, Sjouwerman emphasises the importance of educating employees to recognise potential network security threats. “Cybercriminals are constantly devising cunning new ways to trick users into clicking their phishing links or opening infected attachments.” Training such as the Kevin Mitnick Security Awareness Training allows IT managers to stay on top of these concerns, compliance requirements and ensure users are able to apply this knowledge to their day -to-day jobs.
To help organisations determine their security holes, KnowBe4 offers a free phishing security test to determine the percentage of employees who are Phish-prone™, or susceptible to phishing attacks.