The way cybersecurity awareness training is conducted in organizations has a huge bearing on employees’ subsequent security outlook and behaviours, according to a new report from Osterman Research.

The researchers discovered that users who found security training “very interesting” were over 13-times more likely to make “fundamental changes” to how they think about security compared to those who considered the training “boring.”

The survey of 1000 US everyday employees, IT managers and decision-makers also found that the quantity of security awareness training given makes a major difference, with the ability of staff to spot and deal with security threats such as phishing and business email compromise improving as more training is provided.

Encouragingly, it appears as though organizations are set to place much greater emphasis on security awareness training going forward, with around 45% of employees surveyed expecting to spend 15 minutes or more per month in training by mid-2021, a substantial rise from 26% in 2020. In addition, this type of training was regarded as just as important as technology in dealing with security threats by respondents.

Despite this, the authors said that although organizations generally want to establish a strong cybersecurity culture, IT, security and business leaders are not effectively conveying that idea to a large proportion of their employees, with senior IT and business management much more enthusiastic about security awareness training than non-management employees.

Overall, the report noted that “security and IT leaders, their staff members, and business leaders are largely onboard with the idea that developing a strong cybersecurity culture is important; everyday employees, however, are much less convinced about the importance of doing so, indicating that the goal of developing a robust security culture has not yet been achieved in most organizations.”

Lisa Plaggemier, chief strategist at MediaPRO, which co-sponsored the research, added: “Security awareness training doesn’t do anyone any good if they sleep through it. You can deliver the best security advice in the world, but if no one is listening, you might as well be talking to a brick wall.

“Good security awareness training should get and keep your attention. That’s what it means to be engaging.”

 

We’re Blazon

At Blazon Technologies, we specialized in protecting our clients’ network and data, ensuring they can keep running their business even if disaster strikes them. To find out how we can help you with your security and protection, contact us for more information.

 

News Source: https://www.infosecurity-magazine.com/

IT leaders have suffered significantly higher numbers of data breaches as a result of outbound email in the last 12 months.

According to research by Egress, 93% of 538 IT leaders surveyed reported a breach in the past year due to an email error, with 70% of those believing remote working increases the risk of sensitive data being put at risk from outbound email data breaches.

Egress CEO Tony Pepper said the problem is only going to get worse with increased remote working and higher email volumes, which create prime conditions for outbound email data breaches of a type that traditional DLP tools simply cannot handle.

“Instead, organizations need intelligent technologies, like machine learning, to create a contextual understanding of individual users that spots errors such as wrong recipients, incorrect file attachments or responses to phishing emails, and alerts the user before they make a mistake,” he said.

The most common breach types were replying to spear-phishing emails (80%), emails sent to the wrong recipients (80%) and sending the incorrect file attachment (80%).

Speaking to Infosecurity, Egress VP of corporate marketing Dan Hoy, said businesses reported an increase in outbound emails since lockdown, “and more emails mean more risk.” He called this a numbers game which has increased risk as remote workers are more susceptible and likely to make mistakes the more they are removed from security and IT teams.

According to the research, 76% of breaches were caused by “intentional exfiltration.” Hoy confirmed this is a combination of employees innocently trying to do their job and not cause harm by sending files to webmail accounts, but this does increase risk “and you cannot ignore the malicious intent.”

This is where better technology could better resolve the problem, he said, as current technology (such as static rule-based data loss prevention) does not catch these issues and problems increase. “Technology needs to shoulder more of the burden,” Hoy added

Furthermore, almost two-thirds (62%) of businesses rely on people to identify outbound email data breaches, whilst 24% of IT leaders said the employee who sent the email would disclose their error. In terms of action taken, 46% of respondents said the employee who caused a breach was given a formal warning, while legal action was taken in 28% of cases. In 27% of serious breach cases, respondents said the employee responsible was fired.

Hoy pointed to the 62% statistic and the fact that we are “still reliant on people to self-report incidents” and called outbound email errors combined with remote workers as a “perfect storm.” Regarding employees being reprimanded, he said it is an interesting debate as to where responsibility lies.

Pepper said: “Relying on tired, stressed employees to notice a mistake and then report themselves or a colleague when a breach happens is unrealistic, especially given the repercussions they will face. With all the factors at play in people-led data breach reporting, we often find organizations are experiencing 10-times the number of incidents than they are aware of.

“It’s imperative that we build a culture where workers are supported and protected against outbound email breach risk with technology that adapts to the pressures they face and stops them from making simple mistakes in the first place. As workers get used to more regular remote working and reliance on email continues to grow, organizations need to step up to safeguard both employees and data from rising breach risks.”

 

We’re Blazon

At Blazon Technologies, we specialized in protecting our clients’ network and data, ensuring they can keep running their business even if disaster strikes them. To find out how we can help you with your security and protection, contact us for more information.

A large proportion of employees are using their own devices to access data belonging to their company, according to a new study by Trend Micro.

Researchers found that 39% of workers use personal smartphones, tablets, and laptops to access corporate data, often via services and applications hosted in the cloud.

The Head in the Clouds study, which surveyed more than 13,000 remote workers globally, found that many of the personal devices used to access company data were not as secure as their corporate equivalents.

A further finding of the study was that more than half (52%) of global remote workers have IoT devices connected to their home network, with 10% using lesser-known brands.

Since home networks typically offer security protection that is inferior to that which a business can afford to implement, researchers expressed concern that attackers could access home networks, then use unprotected personal devices as a stepping stone into the corporate networks they’re connected to.

Getting access to personal devices may not present much of a challenge to threat actors, given that over one-third (36%) of remote workers surveyed did not have basic password protection on all personal devices.

“The fact that so many remote workers use personal devices for accessing corporate data and services suggests that there may be a lack of awareness about the security risks associated with this,” commented cyberpsychology expert Dr. Linda K. Kaye.

“Tailored cybersecurity training which recognizes the diversity of different users and their levels of awareness and attitudes around risks would be beneficial to help mitigate any security threats which may derive from these issues.”

The research also revealed that 70% of global remote workers connect corporate laptops to the home network, opening up the possibility for malware infections to be brought from the home into the office.

“IoT has empowered simple devices with computing and connectivity, but not necessarily adequate security capabilities,” said Bharat Mistry, principal security strategist at Trend Micro.

“This threat is amplified as an age of mass remote work blurs the lines between private and company devices, putting both personal and business data in the firing line.”

 

We’re Blazon

At Blazon Technologies, we specialized in protecting our clients’ network and data, ensuring they can keep running their business even if disaster strikes them. To find out how we can help you with your security and protection, contact us for more information.

The COVID-19 pandemic – and the lockdowns that followed last spring – wrought changes across IT operations and strategy as businesses and employees adjusted to a new environment. But what changes were made, and which ones are likely to last?

Spiceworks Ziff Davis, a B2B tech marketplace, polled 1,073 IT buyers in North America and Europe in June and July 2020 to find out. The results in its 2021 State of IT report, released today, show that the pandemic-fueled transformation will continue, affecting both planning and budgets for the long term.

The survey shows that 76% of businesses envision long-term IT changes, with more than half planning to retain flexible work policies (such as remote work); 64% of companies enabled remote work in 2020 due to the pandemic.

 

How IT budgets will change

IT budgets at 46% of companies are expected to remain flat in 2021, while 33% expect to increase spending and 17% expect budget declines – essentially double the 8% who had expected budgets to decline this year when surveyed in 2019. (The remaining 4% did not know if their budgets would change in 2021.) Overall, budgets are expected to decline, with the size of the cuts surpassing spending increases by 33%.

European and North America firms had the same percentage expecting increases (33%), but North American firms were more likely to expect declines than European ones, 21% vs. 12%. The largest companies were more likely to expect budget cuts (24%) and less likely to expect increases (28%) than the average.

Hardware spending will remain the biggest component of IT budgets but will decline as part of a shift from the data center to the cloud and managed services. Hardware spending was already dropping, from 35% in 2019 to an expected 31% in 2021. Cloud and hosted services’ share of IT budgets are moving in the opposite direction, from 21% last year to an expected 24% in 2021. Software budgets are expected to stay flat at 29% compared to 2020. Enterprises will spend more on cloud (27%) than the average, and less on hardware (25%) and software (26%) than the average.

The top areas of investment will be in bread-and-butter IT areas, essentially modernizing work processes. For example, 36% plan to improve IT operations and systems performance; 33% expect to improve security and governance; 32% plan to deploy standardized tools to connect employees; 30% plan to provide training aids to remote employees; and 27% want to refine their disaster recovery plans to accommodate additional scenarios.

Investments in emerging and cutting-edge technologies will drop significantly, as the focus changes to more immediate, proven needs. Efforts on digital transformation will increase at 44% of firms, but “digital transformation” in this context means adopting digital technologies for highly analog processes – adopting proven technology systems– not bringing in cutting-edge innovations.

The technology innovation trends that IT buyers do expect to adopt are mainly long-standing ones:

A third of planned increases in 2021 IT budgets are influenced by the pandemic, particularly involving communications tools, infrastructure, and security. For companies expecting to increase budgets, upgrading outdated IT infrastructure, getting IT projects done more quickly, addressing security concerns, addressing changes brought by the pandemic, and supporting remote work are major drivers for 2021.

 

How IT’s focus shifted as the pandemic unfolded

In March 2020, during the height of the adjustments required as COVID-19 related lockdowns became common, these tech areas got more attention from IT buyers: video conferencing, VDI, firewalls, network monitoring, communications systems, and collaboration tools.

And in May and June, a holding pattern developed, with no new strong drivers of IT attention.

The focus shifted dramatically to security by June, after the initial efforts to respond to the crisis were in place. Endpoint device security is the top security-related concern for remote-work efforts, cited by 55% of respondents.

 

We’re Blazon

At Blazon Technologies, we specialized in protecting our clients’ network and data, ensuring they can keep running their business even if disaster strikes them. To find out how we can help you with your security and protection, contact us for more information.

News Source: https://www.computerworld.com/

logo

On 12 March 2020, The World Health Organization (WHO) officially declared the COVID-19 a world wide pandemic. Since then there has been a big disruption in how people gather, commute and work. To safeguard themselves and employees from this pandemic that is not going away anytime soon, companies should start implementing work from home (WFH) measurements if they had not already done so.

Below are WFH methods companies can employed to let their employees WFH.

Read more

logo

When the time is right for your business to bring on a Managed IT Services provider there are several things to consider before signing a contract. Businesses both large and small have certain needs that are better managed by professionals. Contracting with a managed service provider allows owners and upper level management to focus their attention on growing and managing the business. Teaming up with a managed service provider has several benefits if you choose the right partner. Conversely bringing on a managed service provider that doesn’t understand your needs or one that is unable to provide the level of service required can be an expensive mistake. Here we look at the things you should consider before signing on the dotted line.

Read more

Too many people have neglected just how much time and money they could have saved just by having monitoring services only. Last week we had an incident that stress the importance of having constant monitoring on your network, and how it reduces your downtime dramatically.

To illustrate how you can save time and money with monitoring, let’s first look at the typical scenario that would occurred with a non monitored network.

Read more

Information Technology services are essential to the success of every organization, large or small. With increasingly competitive business environments, CEOs and small business owners are under great pressure to maintain a highly qualified staff and to make sure their technology is obtaining a better ROI than their competitors’.

These goals are not easily achieved, particularly for young or small businesses with less financial resources and time available. Having your own successful information technology department can eat up too much of the company’s budget and time resources, and eventually cause a loss of its competitive edge. These disadvantages of maintaining an in-house IT department are why companies of all sizes have turned to using managed service providers to either assist their existing IT department or become their virtual IT department, handling all of the technology involved in keeping their businesses running at optimal levels.

Read more

This is part two in this series for network connectivity troubleshooting.  Confirming the connectivity with the Internet was the focus of the first four steps in our process. We now continue with the remaining steps to help you discover what the problem with your Internet connection might be.

Read more

To most computer support persons, having problems connecting to the Internet via a router and a high-speed connection is not a major issue. However, for those who do not understand some basic technology concepts, solving connectivity problems will be a struggle. The following will give you some tips of where to look for network connection problems and how to perform some basic network connectivity troubleshooting tasks.

Most of the initial steps of this process are common-sense and incredibly basic, but you would be surprised at the number of calls to help desks that are solved simply by having someone turn on a power switch or plug in a cable to a device!

Read more