Study: Employers aware of cybersecurity threats but not proactive enough
- A new study by CompTIA found that only 29% of businesses said they were proactive about fighting cyber attacks, with emphasis on detecting and responding to them, according to an email sent to HR Dive. The Evolution of Security Skills also found that another 34% combine a strong defense with some proactive measures.
- According to the association, businesses tend to focus on the cyber threats they know best, mainly viruses and malware, and continue using dated tactics and training when there are more threats out there to fight.
- CompTIA is calling for businesses to be totally proactive by looking for weak links in their systems before they're attacked, providing their technology professionals with broader skills training and training everyone in the organization about cybersecurity risks.
Although the study shows that businesses are gradually shifting from a defensive to an offensive stance in fighting cyber attacks, they're largely ill-equipped to take on current challenges. A 2015 Spiceworks study showed hat while 80% of companies experienced a cyber attack, only 29% had a cyber expert on staff.
The massive WannaCry ransomware attack, which disrupted computer systems in 150 countries in May, should prompt employers to take preventive cybersecurity action immediately. The campaign was a sharp warning for HR to take the lead in protecting sensitive employee and organizational data from phishing activity and cybersecurity breaches.
Lately, HR departments have been the target of hackers because of the vast amount of personal employee information they maintain. HRIS must be updated and constantly monitored to prevent breaches and HR staff must be made aware of hackers posing as hiring employers.
Employers also should be aware of possible internal breaches. A report by Dtex Systems, a cybersecurity firm, found that 95% of the organizations it polled had employees who tried to bypass security and web restrictions.