We already know that C-level executives are woefully uninformed about cybersecurity within their own companies. Now a new study from SilverSky looks at employee perception of enterprise security. And it looks like the employees are more aware than their bosses of how often the network is attacked and how cybercriminals try to trick people into downloading malware.
An interesting finding in the survey is that more than 75 percent of employees believe the company has been a victim of between one and five attacks within the past 12 months, but also say that the executives running the company had been briefed only once on attacks during that same time period. That is a serious disconnect between what employees know and what CEOs are told. It also confirms what other studies have shown – those at the highest level are not in tune with cybersecurity issues. But I’m not sure all of that blame can fall on the CEO or other executives. I think it is as much a communication breakdown as being clueless about cybersecurity.
A positive point to the survey is the high number (71 percent) of those who realize that phishing attacks are a primary cause of malware infection. For those charged with securing the network from malware and other attacks, knowing how the cybercriminals are getting access is a step in the right direction.
Other survey findings weren’t too surprising, in my opinion. According to the SilverSky blog:
“[S]ome of the barriers preventing organizations from doing a better job in monitoring for, collecting and analyzing attack information include: cost (64 percent), time constraints (44 percent) and in-house knowledge/skill-sets (42 percent).”
Cybercrime is big business and cyber attacks continue to become more sophisticated. It’s more important than ever that everyone within the company is on the same page when it comes to cybersecurity practices. Employees are on the right track for understanding what’s going on. Now open up the dialogue so everybody involved is more aware.