The way cybersecurity awareness training is conducted in organizations has a huge bearing on employees’ subsequent security outlook and behaviours, according to a new report from Osterman Research.

The researchers discovered that users who found security training “very interesting” were over 13 times more likely to make “fundamental changes” to how they think about security compared to those who considered the training “boring.”

The survey of 1000 US everyday employees, IT managers and decision-makers also found that the quantity of security awareness training given makes a major difference, with the ability of staff to spot and deal with security threats such as phishing and business email compromise improving as more training is provided.

Encouragingly, it appears as though organizations are set to place much greater emphasis on security awareness training going forward, with around 45% of employees surveyed expecting to spend 15 minutes or more per month in training by mid-2021, a substantial rise from 26% in 2020. In addition, this type of training was regarded as just as important as technology in dealing with security threats by respondents.

Despite this, the authors said that although organizations generally want to establish a strong cybersecurity culture, IT, security and business leaders are not effectively conveying that idea to a large proportion of their employees, with senior IT and business management much more enthusiastic about security awareness training than non-management employees.

Overall, the report noted that “security and IT leaders, their staff members, and business leaders are largely onboard with the idea that developing a strong cybersecurity culture is important; everyday employees, however, are much less convinced about the importance of doing so, indicating that the goal of developing a robust security culture has not yet been achieved in most organizations.”

Lisa Plaggemier, chief strategist at MediaPRO, which co-sponsored the research, added: “Security awareness training doesn’t do anyone any good if they sleep through it. You can deliver the best security advice in the world, but if no one is listening, you might as well be talking to a brick wall.

“Good security awareness training should get and keep your attention. That’s what it means to be engaging.”

 

We’re Blazon

At Blazon Technologies, we specialize in protecting our clients’ networks and data, ensuring they can keep running their business even if disaster strikes. To find out how we can help you with your security and protection, contact us for more information.

News Source: https://www.infosecurity-magazine.com/

IT leaders have suffered significantly higher numbers of data breaches as a result of outbound email in the last 12 months.

According to research by Egress, 93% of 538 IT leaders surveyed reported a breach in the past year due to an email error, with 70% of those believing remote working increases the risk of sensitive data being put at risk from outbound email data breaches.

Egress CEO Tony Pepper said the problem is only going to get worse with increased remote working and higher email volumes, which create prime conditions for outbound email data breaches of a type that traditional DLP tools simply cannot handle.

“Instead, organizations need intelligent technologies, like machine learning, to create a contextual understanding of individual users that spots errors such as wrong recipients, incorrect file attachments or responses to phishing emails, and alerts the user before they make a mistake,” he said.

The most common breach types were replying to spear-phishing emails (80%), emails sent to the wrong recipients (80%) and sending the incorrect file attachment (80%).

Speaking to Infosecurity, Egress VP of corporate marketing Dan Hoy said businesses reported an increase in outbound emails since lockdown, “and more emails mean more risk.” He called this a numbers game which has increased risk, as remote workers are more susceptible and likely to make mistakes the more they are removed from security and IT teams.

According to the research, 76% of breaches were caused by “intentional exfiltration.” Hoy confirmed this is a combination of employees innocently trying to do their job and not cause harm by sending files to webmail accounts, but this does increase risk “and you cannot ignore the malicious intent.”

This is where better technology could resolve the problem, he said, as current technology (such as static rule-based data loss prevention) does not catch these issues and the problems increase. “Technology needs to shoulder more of the burden,” Hoy added.

Furthermore, almost two-thirds (62%) of businesses rely on people to identify outbound email data breaches, whilst 24% of IT leaders said the employee who sent the email would disclose their error. In terms of action taken, 46% of respondents said the employee who caused a breach was given a formal warning, while legal action was taken in 28% of cases. In 27% of serious breach cases, respondents said the employee responsible was fired.

Hoy pointed to the 62% statistic and the fact that we are “still reliant on people to self-report incidents” and called outbound email errors combined with remote workers a “perfect storm.” Regarding employees being reprimanded, he said it is an interesting debate as to where responsibility lies.

Pepper said: “Relying on tired, stressed employees to notice a mistake and then report themselves or a colleague when a breach happens is unrealistic, especially given the repercussions they will face. With all the factors at play in people-led data breach reporting, we often find organizations are experiencing 10-times the number of incidents than they are aware of.

“It’s imperative that we build a culture where workers are supported and protected against outbound email breach risk with technology that adapts to the pressures they face and stops them from making simple mistakes in the first place. As workers get used to more regular remote working and reliance on email continues to grow, organizations need to step up to safeguard both employees and data from rising breach risks.”

 


A large proportion of employees are using their own devices to access data belonging to their company, according to a new study by Trend Micro.

Researchers found that 39% of workers use personal smartphones, tablets, and laptops to access corporate data, often via services and applications hosted in the cloud.

The Head in the Clouds study, which surveyed more than 13,000 remote workers globally, found that many of the personal devices used to access company data were not as secure as their corporate equivalents.

A further finding of the study was that more than half (52%) of global remote workers have IoT devices connected to their home network, with 10% using lesser-known brands.

Since home networks typically offer security protection that is inferior to that which a business can afford to implement, researchers expressed concern that attackers could access home networks, then use unprotected personal devices as a stepping stone into the corporate networks they’re connected to.

Getting access to personal devices may not present much of a challenge to threat actors, given that over one-third (36%) of remote workers surveyed did not have basic password protection on all personal devices.

“The fact that so many remote workers use personal devices for accessing corporate data and services suggests that there may be a lack of awareness about the security risks associated with this,” commented cyberpsychology expert Dr. Linda K. Kaye.

“Tailored cybersecurity training which recognizes the diversity of different users and their levels of awareness and attitudes around risks would be beneficial to help mitigate any security threats which may derive from these issues.”

The research also revealed that 70% of global remote workers connect corporate laptops to the home network, opening up the possibility for malware infections to be brought from the home into the office.

“IoT has empowered simple devices with computing and connectivity, but not necessarily adequate security capabilities,” said Bharat Mistry, principal security strategist at Trend Micro.

“This threat is amplified as an age of mass remote work blurs the lines between private and company devices, putting both personal and business data in the firing line.”

 


The COVID-19 pandemic – and the lockdowns that followed last spring – wrought changes across IT operations and strategy as businesses and employees adjusted to a new environment. But what changes were made, and which ones are likely to last?

Spiceworks Ziff Davis, a B2B tech marketplace, polled 1,073 IT buyers in North America and Europe in June and July 2020 to find out. The results in its 2021 State of IT report, released today, show that the pandemic-fueled transformation will continue, affecting both planning and budgets for the long term.

The survey shows that 76% of businesses envision long-term IT changes, with more than half planning to retain flexible work policies (such as remote work); 64% of companies enabled remote work in 2020 due to the pandemic.

 

How IT budgets will change

IT budgets at 46% of companies are expected to remain flat in 2021, while 33% expect to increase spending and 17% expect budget declines – essentially double the 8% who had expected budgets to decline this year when surveyed in 2019. (The remaining 4% did not know if their budgets would change in 2021.) Overall, budgets are expected to decline, with the size of the cuts surpassing spending increases by 33%.

European and North American firms had the same percentage expecting increases (33%), but North American firms were more likely to expect declines than European ones, 21% vs. 12%. The largest companies were more likely to expect budget cuts (24%) and less likely to expect increases (28%) than the average.

Hardware spending will remain the biggest component of IT budgets but will decline as part of a shift from the data center to the cloud and managed services. Hardware spending was already dropping, from 35% in 2019 to an expected 31% in 2021. Cloud and hosted services’ share of IT budgets is moving in the opposite direction, from 21% last year to an expected 24% in 2021. Software budgets are expected to stay flat at 29% compared to 2020. Enterprises will spend more on cloud (27%) than the average, and less on hardware (25%) and software (26%) than the average.

The top areas of investment will be in bread-and-butter IT areas, essentially modernizing work processes. For example, 36% plan to improve IT operations and systems performance; 33% expect to improve security and governance; 32% plan to deploy standardized tools to connect employees; 30% plan to provide training aids to remote employees; and 27% want to refine their disaster recovery plans to accommodate additional scenarios.

Investments in emerging and cutting-edge technologies will drop significantly, as the focus changes to more immediate, proven needs. Efforts on digital transformation will increase at 44% of firms, but “digital transformation” in this context means adopting digital technologies for highly analog processes – adopting proven technology systems – not bringing in cutting-edge innovations.

The technology innovation trends that IT buyers do expect to adopt are mainly long-standing ones:

A third of planned increases in 2021 IT budgets are influenced by the pandemic, particularly involving communications tools, infrastructure, and security. For companies expecting to increase budgets, upgrading outdated IT infrastructure, getting IT projects done more quickly, addressing security concerns, addressing changes brought by the pandemic, and supporting remote work are major drivers for 2021.

 

How IT’s focus shifted as the pandemic unfolded

In March 2020, during the height of the adjustments required as COVID-19 related lockdowns became common, these tech areas got more attention from IT buyers: video conferencing, VDI, firewalls, network monitoring, communications systems, and collaboration tools.

And in May and June, a holding pattern developed, with no new strong drivers of IT attention.

The focus shifted dramatically to security by June, after the initial efforts to respond to the crisis were in place. Endpoint device security is the top security-related concern for remote-work efforts, cited by 55% of respondents.

 


News Source: https://www.computerworld.com/


Today’s story may be the most astonishing and remarkable, but ultimately foolish, way of saving money on IT you will ever hear of. A hint before you go on – it involves millions of dollars and a $10 router.


If you are still using QuickTime on Windows, it is recommended that you uninstall it and switch to another player as soon as you can. Even the US government has issued a warning for all users to uninstall it from their Windows-based computers.


Is your business prepared for any type of disaster? Even though small businesses may not have as many employees or as much equipment, they are still as vulnerable to disaster as a large corporation. If your business office were to be destroyed by a fire, you could lose valuable business if you don’t plan ahead. Many businesses don’t want to take the time and the expense to prepare a business continuity plan, but can you really afford not to make one?


Ah, those pesky passwords. You have one for your PC/Network and, unless there is a password synchronization application that combines them, you probably have more than one for other applications. The worst thing you can do with your passwords is to place them in a text document which can be accessed on the hard drive of your computer. Your files are vulnerable to business and identity theft, even if you think they are not. If someone is intent on finding them, they can. Even if you place them into a password-protected document, those can be cracked, too. How easy a target are you for business and identity theft?


Email is an important and necessary part of your business. It provides an economical and instant means of communicating with staff, customers, and vendors – that’s both simple to use and enables increased efficiency. An email policy is required to protect this necessary business tool.

An email policy is a legal document that details your organization’s definition of acceptable use for the company email system. It should indicate who emails can be received from or sent to, as well as outline what constitutes appropriate content for work emails.


We maintain our computers similarly to how we maintain our own health – rarely do we take the time to learn about preventing health complications, and instead work to repair our health once we’ve become ill! We take care of our computers the same way, in that we rarely think about the safety or well-being of our data until something happens that leads to data loss or corruption. And when that does happen, how do you recover your lost computer files?
