Employees are being targeted by cybercriminals, yet they are also an essential line of security defence: many attacks use phishing schemes or capitalize on weak cyber hygiene to compromise security, passwords and credentials, Fortinet pointed out.
The vendor’s 2023 Security Awareness and Training Global Research Brief is based on a survey of 1,855 IT and cybersecurity decision-makers from 29 global locations. It found that 84% of the respondents said their organizations suffered at least one security breach in the past 12 months, with 7% having more than 9 breaches.
Additionally, a majority (81%) of them faced malware, phishing and password attacks last year that mainly targeted users.
“With the cost of breaches exceeding $1 million for close to half of responding organizations, equipping employees to recognize, avoid and report cyberthreats seems key,” Fortinet researchers note in the report.
Fortinet: Organizations need effective security awareness and training programs
The survey showed 85% of leaders said their organization has a security awareness and training program, but more than half of them believe their employees still lack cybersecurity knowledge.
“This gap suggests the training programs in place may not be as effective as they could be, resulting in inconsistency in how employees apply good cyber hygiene practices or that training is not reinforced sufficiently,” researchers pointed out.
The respondents noted that protecting sensitive data and systems when working remotely is the most important aspect of awareness, followed by securing sensitive data in general.
Almost all surveyed leaders (93%) agreed that greater employee security awareness could help reduce cyberattacks, and 59% of them said it’s reasonable for employees to spend one to three hours per year in security training, according to the survey.
“A critical evaluation of security awareness and training programs may reveal opportunities to address the human element of cybersecurity more effectively, thereby reducing the overall risk,” Fortinet researchers suggested. “Taking steps to ensure programs sufficiently cover a broad range of topics in a practical way, and to ensure that learning is reinforced with reminders and checks, should help improve training outcomes.”
Security becomes a board of directors priority
Facing increased cyberthreats, the board of directors is now more focused on security. The survey showed 93% of respondents indicated their board of directors is asking about the organization’s cyberdefenses and strategy.
“It is reasonable to take this as a sign that boards are serious about their responsibilities to manage corporate risk and protect the brand, and that they are aware of the increase in attacks and breaches,” Fortinet said.
And this trend is largely consistent across industries, with a slightly higher interest among boards of directors in financial services, healthcare and telecommunications (ranging from 94% to 95%) than in education, media and entertainment (around 88%).
This interest will likely translate into a focus on the human element in the future, recognizing that employees and security training play an essential role in protecting the business interests and the reputation of the organization, researchers noted.
“To date, employee awareness may not have received the full attention it deserves, yet it could prove pivotal in the fight against cyberattacks in the years to come,” they said.