Employees' lack of cyber security knowledge puts businesses at risk
UK organisations are putting their reputation, customer trust and competitive advantage at greater risk by failing to provide their staff with effective cyber security awareness and capability to defend against cyber attacks, according to the latest research from AXELOS.
Research into organisations’ approach to information security awareness conducted by AXELOS – a UK government/Capita joint venture – reveals that most are underestimating the role the human element plays corporate cyber risk. The finding is a cause for concern as UK government research found that 75% of large organisations suffered staff-related security breaches in 2015, with 50% of the worst breaches caused by human error.
AXELOS’ research showed that only a minority of executives responsible for information security training in organisations with more than 500 employees believe their cyber security training is very effective. While four in 10 (42%) say their training is very effective at providing general awareness of information security risks, only just over a quarter (28%) say their efforts are very effective at changing behaviour in relation to information security.
For ensuring compliance with regulatory requirements, 37% rate their training as very effective though only a third (33%) rate it very effective in reducing exposure to the risk of information security breaches. A similar minority (32%) are very confident that the training is relevant to staff, despite almost all respondents (99%) citing security awareness as important to minimise the risk of security breaches.
When asked how many staff had completed their information security awareness programme, respondents in a quarter of organisations said that no more than 50% of staff had done so.
Nick Wilding, head of cyber resilience best practice at AXELOS, said: “Despite organisations continuing to invest heavily in technology to better protect their precious information and systems, the number and scale of attacks continues to rise as they discover there is no ‘silver bullet’ to help them achieve their desired level of cyber security.
“And they often underestimate that the role that their own employees – from the boardroom to the frontline – can play: staff should be their most effective security control but are typically one of their greatest vulnerabilities.”
While praising UK organisations for acknowledging the importance of information security awareness learning Wilding warned that current training and awareness approaches often aren’t effective.
He said: “Though 32% of organidations are very confident about the relevance of the training they provide, there are nearly two-thirds (62%) that are only ‘fairly confident’. Cyber-attacks are now business as usual and the resulting financial and reputational damage can be significant. As a result, organisations need to be more certain that they are engaging their people effectively to better equip them to manage the cyber and information security risks they now all face.
“Imagine how customers would respond if told that ‘we’re fairly confident that your precious information is safe from attack’. Equally, reporting to a board of directors that the level of confidence in the organisation’s information security awareness is only “fair” would be given short shrift. If UK company boards are not asking those responsible about the current effectiveness of their awareness learning among their people and what is being done to improve their cyber resilience, then they should be.”
Follow @BizReviewEurope on Twitter.
GfK and VMware: Innovating together on hybrid cloud
GfK has been the global leader in data and analytics for more than 85 years, supplying its clients with optimised decision inputs.
In its capacity as a strategic and technical partner, VMware has been walking GfK along its digital transformation path for over a decade.
“We are a demanding and singularly dynamic customer, which is why a close partnership with VMware is integral to the success of everyone involved,” said Joerg Hesselink, Global Head of Infrastructure, GfK IT Services.
Four years ago, the Nuremberg-based researcher expanded its on-premises infrastructure by introducing VMware vRealize Automation. In doing so, it laid a solid foundation, resulting in a self-service hybrid-cloud environment.
By expanding on the basis of VMware Cloud on AWS and VMware Cloud Foundation with vRealize Cloud Management, GfK has given itself a secure infrastructure and reliable operations by efficiently operating processes, policies, people and tools in both private and public cloud environments.
One important step for GfK involved migrating from multiple cloud providers to just a single one. The team chose VMware.
“VMware is the market leader for on-premises virtualisation and hybrid-cloud solutions, so it was only logical to tackle the next project for the future together,” says Hesselink.
Migration to the VMware-based environment was integrated into existing hardware simply and smoothly in April 2020. Going forward, GfK’s new hybrid cloud model will establish a harmonised core system complete with VMware Cloud on AWS, VMware Cloud Foundation with vRealize Cloud Management and a volume rising from an initial 500 VMs to a total of 4,000 VMs.
“We are modernising, protecting and scaling our applications with the world’s leading hybrid cloud solution: VMware Cloud on AWS, following VMware on Google Cloud Platform,” adds Hesselink.
The hybrid cloud-based infrastructure also empowers GfK to respond to new and future projects with astonishing agility: Resources can now be shifted quickly and easily from the private to the public cloud – without modifying the nature of interaction with the environment.
The gfknewron project is a good example – the company’s latest AI-powered product is based exclusively on public cloud technology. The consistency guaranteed by VMware Cloud on AWS eases the burden on both regular staff and the IT team. Better still, since the teams are already familiar with the VMware environment, the learning curve for upskilling is short.
One very important factor for the GfK was that VMware Cloud on AWS constituted an investment in future-proof technology that will stay relevant.
“The new cloud-based infrastructure comprising VMware Cloud on AWS and VMware Cloud Foundation forges a successful link between on-premises and cloud-based solutions,” says Hesselink. “That in turn enables GfK to efficiently develop its own modern applications and solutions.
“In market research, everything is data-driven. So, we need the best technological basis to efficiently process large volumes of data and consistently distill them into logical insights that genuinely benefit the client.
“We transform data and information into actionable knowledge that serves as a sustainable driver of business growth. VMware Cloud on AWS is an investment in a platform that helps us be well prepared for whatever the future may hold.”