A Japanese minister in charge of cybersecurity has provoked astonishment by admitting he has never used a computer in his professional life, and appearing confused by the concept of a USB drive.
Yoshitaka Sakurada, 68, is the deputy chief of the government’s cybersecurity strategy office and also the minister in charge of the Olympic and Paralympic Games that Tokyo will host in 2020. In parliament on Wednesday, however, he admitted he doesn’t use computers. He also appeared confused by the question when asked whether USB drives were in use at Japanese nuclear facilities.
Despite an increased focus on cybersecurity awareness in the workplace, employees’ poor cybersecurity habits are getting worse, compounded by the speed and complexity of the digital transformation. Of the 1,600 global employees Vanson Bourne surveyed, 75% of respondents admitted to reusing passwords across accounts, including work and personal.
Organizations are at varying stages of the digital transformation, and that evolution has presented an increasingly complex IT environment to manage securely. Yet the survey findings point to a workforce that is less committed to security best practices.
Despite concerted efforts by many US organizations to improve security awareness among users, a new study shows they still have a long way to go. Some 75% of respondents today pose a moderate or severe risk to their company’s data, according to MediaPRO’s third annual State of Privacy and Security Awareness Report, and 85% of finance workers show some lack of data security and privacy knowledge.
The firm surveyed more than 1,000 employees across the United States to quantify the state of privacy and security awareness in 2018. More people fell into the risk category this year than in 2017 – and that number had nearly doubled since the inaugural survey.
Read more about the disturbing findings of the report on Dark Reading.
October is National Cyber Security Awareness Month (NCSAM), a collaborative effort that began in 2004 as part of a joint campaign of the National Cyber Security Alliance and the U.S. Department of Homeland Security (DHS).
This year, NCSAM focuses on internet security as a shared responsibility among consumers, businesses and the cyber workforce.
Read an overview of the year in cybersecurity and a preview of what NCSAM 2018 has in store, on Security Intelligence.
Good news on the security awareness training front: Wombat Security (now part of Proofpoint) reports that 95% of companies they surveyed now train end users on how to identify and avoid phishing attacks, up from 86% in 2014.
The State of the Phish Report is based on analysis of data from tens of millions of simulated phishing attacks sent through the Wombat Security education platform over a 12-month period.
Data is related to 16 industries covering thousands of customers, from mid-range to large enterprises. It includes over 10,000 responses to quarterly surveys from infosec professionals revealing what organizations are experiencing.
Even more good news: Training has an impact. 54% of security pros said they have been able to quantify reductions in phishing susceptibility based on training, according to Wombat’s “2018 State of the Phish” report. Yet it is impossible to understand where companies still go wrong with their security awareness training.
You can get the 2018 State of the Phish report and many related studies and assessments at our Threat References page.
Read Ryan Francis's look at whether third-party security awareness training works, on CSO Online:
Being a security company, Rapid7 has to take special interest in making sure its 1,000 employees do not succumb to phishing and the like. At a recent CSO50 conference, speakers discussed their security awareness training.
Read Bob G. Stasio's explanation of why companies need to build capacity to fight cyber threats, on Dark Reading:
With the rapid rise, frequency, severity and cost of cyber attacks, many companies today are looking to the government military intelligence industry for the skills, talent and experience to run their security operations center.
CEOs are often the busiest people in any organization. As security professionals, we should respect that: but what can we do when our CEO won’t take security awareness training?
This is not uncommon, but it can be a hard nut for security professionals to crack. We probably don’t top many lists for human empathy, and that, combined with the full schedule of a typical CEO, means things can become (mutually) frustrating. However, there are some great arguments for getting everyone in an organization – be they high or low – to take security awareness training.
As I discussed yesterday, a recent survey by KPMG of the CEOs of over 1,200 businesses shows that many firms are woefully unprepared to address cyber attacks.
After the report was issued, I spoke with Malcolm Marshall, Global Head of Cyber Security at KPMG, and asked him what areas of weakness he and his team have observed in firms that already have cybersecurity plans and technology in place (for those that do not yet, please see this article), and what CEOs should be doing now to better protect their firms.
Read the interview with Malcolm Marshall, Global Head of Cyber Security at KPMG, who talks about the 8 cyber security mistakes businesses make and how to fix them on Inc.
While traditional manufacturing industries were not designed with security in mind, the proliferation of networks and devices, disparate communication channels, and the use of off-the-shelf software has thrust cybersecurity into the spotlight.
Safety and security concerns associated with the high levels of connectivity and integration are surfacing as the concept of the Internet of Things (IoT) takes shape in the industrial networks and manufacturing plant floors. The alarming frequency of sophisticated and targeted advanced persistent threats has given further weight to the safety argument across both process and discrete industries.
Read why industrial security awareness remains at an abysmal low on Help Net Security.