As an IT administrator, you've probably tried everything under the sun in attempting to fortify your organization's cyber security profile. If you've already tried your luck with network technologies such as firewalls, hosted security solutions leveraged in the cloud and other application-based protective tools, it may seem that nothing on the market is truly capable of locking down your infrastructure. It's the root of frustration for tech leaders everywhere, but have you ever considered that network defense could be a matter of your end users' training and security awareness?
In a recent article from Federal Times, research from the Fort Meade Alliance revealed that the majority of vulnerabilities in government agency networks are the result of employee misuse, and the deeper problem of inadequate end user education. If you can pinpoint where your training and awareness efforts fall short and coordinate new initiatives to fill these dangerous skills gaps in a proactive manner, you and your employees will be better equipped to defend your organization from the hazards of the modern cyber environment.
Dare to be aware
Security pitfalls are diverse in both scope and type, but as Federal Times pointed out in this pivotal study, most of the problems faced by today's network guardians can be tied back to employee usage and a lack of proper procedure therein. The source noted that 52 percent of the 200 federal IT decision-makers polled in the Fort Meade Alliance study claimed they felt most threatened by the mistakes end users make in email, applications and other digital domains. This statistic saw a 12 percent increase from last year, when malware took first place as the top cyber security concern.
Training is clearly a must in today's digital world, and the report noted that leaders are finally reaching a turning point with regard to prioritizing employee awareness and skill sets. Fort Meade Alliance found that 61 percent of respondents cited end user training as a top investment item, and 57 percent aim to bolster their usage policies if the opportunity presents itself. While 66 percent have their eyes on new security technologies to strengthen their infrastructure perimeters, overall trends certainly reflect the acknowledgement of training's influence on network defense.
"Cyber security awareness training can help solve many of the challenges we face with protecting information technology assets and our government's most sensitive information and mission-critical systems," said Deon Viergutz, president of Ft. Meade Alliance and director of cyber operations for Lockheed Martin Information Systems and Global Solutions, as quoted by the source.
Remain vigilant
Although many cyber slip-ups are honest mistakes on the part of end users, International Business Times reminded us that malicious insiders are still a prominent source of cyber threat. The source noted that 37 percent panelists at a recent British Standards Institution event claimed that rogue employees pose the biggest concern in the protection of their critical information, proving that not all end users have the purest of intentions when it comes to cyber security. Even in the mitigation of insider threat, however, training is essential to boost internal vigilance and raise awareness.
"Research has shown that effective staff training can halve the number of insider breaches, by ensuring employees understand the importance of information security and their role in protecting businesses' critical information," said Suzanne Fribbins, risk management expert at BSI, according to the news source.
As you gauge the health of your organization's security blueprint and make adjustments for the new year, remember that technology is only a piece of the puzzle. Strong end user education and stringent policies are vital to the protection of your most crucial network assets.