Cybersecurity is a burning need of the hour. Yet, the world hasn’t achieved any major cybersecurity goals. Awareness is significantly lacking and sharing sensitive information is hardly taken as seriously as it should.
These are the findings of the latest Annual Cybersecurity Attitudes & Behaviors Report released by the Australian Cyber Collaboration Center. It found that the global workforce continues to exhibit concerning cybersecurity behavior, such as easily sharing confidential company information with AI tools.
For this Report, the Australian Cyber Collaboration Center surveyed over 6,500 individuals in eight different countries, including Australia and New Zealand. One important finding of this Report is that IT and cybersecurity leaders across the globe have been making some headway through solid cybersecurity training but any headway they make suffers serious setbacks due to the lax attitude and behavior of the employees.
Cybersecurity Can Be Frustrating
The need for strict and constant cybersecurity measures across platforms can be very frustrating for everyone. In today’s world, we see a pervasive digitization of businesses and services, and the number of data breaches has gone up exponentially. In such times, staying safe online can be scary and intimidating, you never know what threat is lurking behind which corner. Even when filters and firewalls are implemented by the company, employees figure out ways to bypass them or exceptions be made for them.
The Cybersecurity Attitudes & Behaviors Report found that 52% of the respondents find online security frustrating, with 44% of them admitting that they feel intimidated by how complex it is to stay safe online.
With the huge increase in online frauds and a range of different scams happening all around, employees are finding that cybersecurity measures may not be as useful or protective as it is made out to be. With each year, the number of people who believe cybersecurity is worth the effort goes down. Of the employees losing faith in cybersecurity, Gen Z and Millennials are usually found to be the most pessimistic, some are even reducing their online activities, feeling detached and disconnected.
Overall, rising discontent is being observed regarding the challenges of upholding security. The chief reason behind this is likely the complexities and friction of navigating cybersecurity policies that the IT and IT security teams lay out. However, in the process, the employees end up threatening important company assets and data.
Should the Responsibility for Cybersecurity be Outsourced?
Not everything can be someone else’s problem, including IT security. The tech industry and the tech platforms cannot be held solely responsible for information security. However, the survey finds that a whopping 90% of the respondents feel that the apps and platforms should be held responsible for protecting personal information, and not the users.
In an enterprise setting, IT and security departments are considered the ones with the responsibility to safeguard information in the workplace. However, a growing number of employees also attribute this responsibility to the tech industry at large. In line with this, the number of individuals who felt primarily responsible for security also dropped by 7% from last year. Overall, there is widespread complacency in the behavior and attitude towards security. Quite shockingly, about 43% of the respondents assumed that their devices were just automatically secure, with the number being much higher for the younger respondents, especially Gen Z and millennials.
Scope for Improvement in Cybersecurity Behavior
Maintaining cybersecurity hygiene is not the easiest job in the world, but it still needs to be done. This brings us to the scope of improvement. Here are some things that individuals can do to improve their cybersecurity hygiene.
Password Usage
Using personal information for passwords like names of family members, pets, etc. has gone up across age groups, but the most for Gen Z. About 29% of the respondents prefer to write their passwords down in a physical space, like a notebook, while only 12% were found using a password manager. This must change. Passwords need to be stronger and more complex.
Multi-factor Authentication
While most of the respondents had heard of multi-factor authentication – about 81%, but only a small portion of them have adopted it. Using multi-factor authentication is complex and frustrating, leading to a lot of users giving up on it after trying it out, especially among the younger workforce. Multi-factor authentication is complex because it makes things more secure, but sticking to it is important.
Phishing Detection
While the number of respondents who feel confident they can recognize phishing links and emails has grown, there is still a significant percentage of people who don’t feel confident and make errors. This may not always be because the individuals weren’t smart enough, but more so because phishing attempts are becoming increasingly sophisticated, including using AI.
The Need for AI Safety Training
Employees commonly use different AI tools to accomplish a host of day-to-day tasks or sometimes even just for fun. They often don’t realize that these AI tools may not be as secure as they think them to be, or maybe the security aspect of using them is never given any thought. The survey finds that over 38% of the respondents accepted sharing sensitive information with AI tools without the employer’s knowledge. In such cases, IT security teams can be caught off guard because they won’t even know an attack is coming or what triggered it. Again, the younger generation has been more prevalent in sharing sensitive enterprise information – 46% of Gen Z and 43% of millennials.
The need for cybersecurity cannot be undermined and every organization needs skilled information security professionals in their team to ensure that security is not added in as an afterthought or worse, completely forgotten about until it is too late. A good place to start is to either hire CISSP-certified professionals or train your workforce to get CISSP-certified.
Get CISSP online training with Cognixia
Once you have employees with the CISSP certification, they will demonstrate their skills to benefit your business with –
- Complete understanding of how to secure or protect confidential business data from hackers.
- Analyze risks and be aware of the common hacker strategies that can affect your business. They can determine the weak points of the organizations and work on them.
- Aptitude in improving not only the customer but also employee privacy ensuring all the information stays with the business only.
Get (ISC)2 CISSP Training & Certification and increase your business visibility as well as credibility in the cybersecurity market. Cognixia is the world’s leading digital talent transformation company that offers a wide range of courses, including CISSP training online with a comprehensive CISSP study guide.
Here’s what you will cover in this course –
- Learn and apply the concepts of security & risk management
- Gain an understanding of security engineering to protect information by exploring and examining security models and frameworks
- Learn how to identify, categorize, & prioritize assets
- Examination and security network architecture and its components
- Learn how to identify & control access to protect assets
- Designing and conducting security assessment strategies, logging, & monitoring activities
- Developing a recovery strategy and maintaining operational resilience
- Learn how to secure the software development cycle
Prerequisites
- Candidates for the CISSP certification should have at least 5 years of total paid work experience in two or more of the 8 CISSP CBK domains. Any extra certificate from the (ISC)2 authorized list, a four-year college degree, or a regional equivalent would qualify as one year of the necessary experience.
- If a candidate doesn’t have enough experience to qualify as a CISSP, they can still become an Associate of (ISC)2 by completing the CISSP test. After that, they will have 6 years to acquire the 5 years of necessary experience.
