Prasad Ajgaonkar reports in 94pc of cyber attacks are caused by lack of infosecurity awareness training. Is your organisation safe?:
Do you know that a cyber attack takes place every 10 minutes in India? This rate is higher than that in 2016, where a cyber attack took place once every 12 minutes. A study conducted by Fortinet found that a whopping 94 percent of IT experts believe that information security (InfoSec) practices in Indian organizations are sorely inadequate and completely fail to protect from cyber attacks in today’s world.
It is crucial to be aware that the exorbitantly high cyber attacks in India is a human issue, rather than an IT issue. This means that employees failing to follow InfoSec practices- rather than IT system failures- is the biggest contributor of cyber attacks.
Therefore, it is critical to ensure that all employees at an organisation are vigilant, fully aware of cyber-threats, and trained to follow InfoSec practices at all times.
…
Focusing on the lack of training for employees, the post suggests this solution:
…
Story-telling and scenario based training would be an excellent and highly effective way to ensure that employees consistently practice InfoSec measures. An effective InfoSec training programme has the following features:
- Educating employees through story-telling and interactive media – …
- Continuous top of the mind recall – …
- Presenting InfoSec tips, trivia and reminders to employees through mobile phone apps…
- Training through scenario-based assessments – …
- Training through group discussions – …
…
I have a simpler explanation for poor cybersecurity practices of employees in India.
The Hindu captured it in one headline: India Inc pay gap: CEOs earn up to 1,200-times of average staff
Many thought the American pay gap at CEOs make 271 times the pay of most workers was bad.
Try almost four (4) times the American CEO – worker pay gap.
How much commonality of interest exists between the worker who gets $1 and for every $1, their CEO gets $1,200?
Conventional training, excluding the use of drugs and/or physical torture, isn’t likely to create a commonality of interest. Yes?
Cybersecurity “solutions” that don’t address the worker to CEO wage gap, are castles made of sand.