Employees Not Bothered About Company’s Security: Study

by Moumita Deb Choudhury    Jan 18, 2018


Cybercrime has become a lucrative business for cyber goons in the recent years. IT industry key players, especially cybersecurity experts are well aware of the industry and perhaps it can be said that they sleep with one eye open to keep track of the malicious attempts around the clock.

The India Risk Survey last year tagged ‘Information & Cyber Insecurity’ as the biggest risk to companies, topping ‘Terrorism and Insurgency’ which has been ranked as the second biggest threat to businesses. We can thus gage the level of bad.

However, it’s a huge task for cyber experts of the companies to get the entire workforce of the organization awakened and make them understand the sophistication of cyber-crime. Cyber assailants are so smart today that in some cases, attackers infiltrate corporate networks without IT department even knowing about it.

Today, one of the major concern of the IT leaders in defending against attacks is the lack of willingness by employees to take precautionary steps against them, according to the latest results from the A10 Networks Application Intelligence Report (AIR).

Employees not bothered about following security practices:

The study highlights that almost half (48 percent) of IT leaders say they agree their employees do not care about following security practices.

The study also puts forward very important points, it said that perhaps as a direct correlation to the rise of these attacks, the survey revealed that 63 percent of IT professionals believe their overall IT and security budget should be increased. Additionally, IT departments are looking to grow their security teams, as security is the top hiring focus, followed by the applications team, which participants expected to see a 17 percent increase in headcount.

A pertinent problem arises from the use of devices and apps which are used outside the office and at the office as well. The blurring lines between work and personal business through the use of apps at home and in office brings in unknown trouble to the company.

Also, more than half of the employees expect the use of business apps to increase, increasing the odds these devices may become part of a larger DDoS attack, which can bring entire businesses to a screeching halt.

Employees, IT head tussle:

Many employees use banned sites and apps at work which is likely to put the security of the organization under threat. But who is ultimately responsible to protect employees who used non-sanctioned apps at work? App developers, IT departments and end users are at odds over who is responsible for application security and best practices regarding the many apps on the phones of employees.

With employees’ responsibility being low in this regard, only two out of five (41 percent) claim ownership for the security and protection of non-business apps they use, said the study.

Employees may turn out to be the weakest link:

IT heads say employees need better education on best security practices.Almost a quarter (23 percent) of IT decision-makers think there will be no improvement in security behavior at their company, but 75 percent think optimistically that there will be, noted the study

“70-80 percent of our information is in cyberspace today. However, only 40 percent of the people are aware of the threat vectors, which means 60 percent of the people do not even know through which sources the information can be compromised,” said, Shrinivas Kulkarni - VP & CISO, Xchanging Malaysia, A DXC Technology.

“The human link is the weakest link in the entire cyber security space and the only way out is through making people aware. It is true that technologically we are always behind the hackers, but the positive thing is that we still have control over our people, thus making the people aware is imperative,” he added. (Click here to read more)

Even though tens and thousands of ways are devised to immaculate businesses from cyber threats, the goal cannot be achieved unless employees are aware of the seriousness of the threats and its consequences. Employees should thus, take up the responsibility to contribute to building a strong guarded fortress against digital crime and thus make the organization’s sailing smooth.