According to a new report by Fujitsu, more than half (54%) of senior executives have struggled to adapt security policies to changes in the threat landscape and working practices.
The survey, which Fujitsu carried out in September 2020, provides further evidence that many organizations are at higher risk of cyber-attacks due to the shift to remote working during COVID-19, with cyber-criminals taking advantage of the rising number of connections and devices to target corporate systems.
The findings also indicated that current cybersecurity training techniques are not suited to the current situation. Close to two-thirds (61%) of employees surveyed said they believe their security training is ineffective, while around three-quarters (74%) of non-technical staff do not find it engaging enough. Additionally, 32% thought their company’s training courses were too long, and 35% said it was too boring or technical.
These feelings may be partly explained by many organizations having a standardized approach to cybersecurity training: 60% of senior executives surveyed for the study admitted that all employees in their business receive the same type of training irrespective of the type of function they perform.
Senior executives also recognized a degree of apathy among their employees when it comes to cybersecurity, with 45% stating that most people in their organization believe this has nothing to do with them.
In response to these issues, encouragingly, over two-thirds (68%) of senior executives stated they recognize that training is most effective when it involves games, rewards or quizzes.
Commenting on the findings, Mike Smit, head of enterprise & cyber security at Fujitsu UK & Ireland, said: “Thanks to the pandemic forcing organizations to move to remote or hybrid working, a number of weak points have been exposed when it comes to cybersecurity and employees are one target that has come under increasing fire from cyber-criminals.
"Business leaders must understand that having a robust and effective cybersecurity approach relies on more than just IT and technical defenses, it also requires a ‘human firewall’ of trained, vigilant employees.
“In our new hybrid-working world, it is critical that organizations invest in a strategy where all employees receive tailored training that addresses the threats they encounter in their specific roles. This means cybersecurity teams have to get closer to the business areas to understand their specific challenges. Putting the right training in place to ensure your employees are aware of the risks will make a significant difference to an organizations’ overall security posture. And, ultimately, it will build a sense of collective responsibility where every employee is engaged in the security process.”