Avoid ‘check-the-box compliance’ when it comes to cybersecurity

The need to educate employees about cyber risk management is more important than having a compliance program in place, according to one expert

With the workplace becoming more digitized, two recent reports showed the need for more companies to invest in training employees in data security.

Wells Fargo Insurance released a report that said only 7% of companies in North America believed that “their employees’ misuse of technology posed a potential threat”, said Mary Kathryn Curry in The National Law Review.

Another report released by the Ponemon Institute, an independent research firm measuring privacy, data protection, and information security policies, found that over the course of a year, 874 insider incidents of data breach were tallied.

“[Of those], 65% were caused by employee negligence, 22% by malicious employees or criminals, and about 10% by imposter fraud,” said Curry, adding that the negligence cost the company more than US$200,000 per incident and roughly US$3 million annually.

“Companies perceive insider threats as mostly driven by malicious employees, but the fact is that a significant portion of the risk is due to insider carelessness.”

Curry noted that the Ponemon report claimed that “training programs … companies have are just not very good. They are really focused on check-the-box compliance requirements to show everyone that [the] company [has] training on data protection” while Wells Fargo Insurance emphasised the need to educate employees about cyber risk management.

Besides recommending that companies re-evaluate their training programs, the Ponemon report also recommended the use of user behaviour analytics to track, collect, and assess user data and activities online.

“The recommendation is to focus on visibility and transparency – not on stringent controls – and to build ‘a layered defense that delivers a comprehensive range of capabilities across visibility, detection, context, and rapid response’,” said Curry.
 

 
