Internet users prefer to sweep their mistakes under the mouse pad rather than reporting an incident.
A Fujitsu study shows that users are even more reluctant to report IT incidents when they occur at their workplace.
This study, entitled " Building a Cyber Smart Culture ," explains that awareness of cyber risks has greatly evolved in recent years.
In particular, since the COVID-19 epidemic, when remote working has been imposed on everyone and distinction between personal and professional use is thin.
Organizations that had not yet completed their digital transition found themselves forced to operate solely through IT and remotely.
The security-conscious behaviors had to become second nature to employees. CISOs and CIOs had to train their staff in a very short period of time. What proved successful for some turned out to be counterproductive for others, who reported that their IT security has significantly declined since the lockdown.
Moreover, this study showed that users were reluctant to report cybersecurity incidents in their professional environment:
According to our global study, employees shared that:
- 54% admitted to circumventing security policies in order to keep pace with significant changes.
- 48% are reluctant to report threats they find.
- 45% believe that most members of their organization think cybersecurity has nothing to do with them.
- 61% believe that their current cybersecurity training is ineffective: boredom, lack of focus, and generic content contribute to a lack of ownership.
How can you make your users aware of the role they have to play?
The magazine cio-online.com explains that "much remains to be done in terms of raising awareness, particularly in encouraging users to play an active role in combating cyber threats."
This clearly demonstrates that cyber risk awareness campaigns are not enough:
Technical experts rate online training as effective at 64%, while only 45% of business professionals agree.
The rates fall even further with role-specific training, which is theoretically more relevant:
43% efficiency for technical roles,
Only 29% among non-technical workers.
Among the measures most popular with technical profiles are contextual alerts and reminders, appreciated by 62% of professions and 73% of technical roles, as well as training courses specifically focused on teleworking, considered effective by 53% of non-technical staff and 69% of technicians.
In terms of profession, there is a clear preference for playful approaches, appreciated by 69% compared to 60% of technical roles.
as well as physical or digital reminders (posters and signs), which appeal to 66% of non-technical roles and 58% of technicians.
In this sense, you, as a decision-maker, can teach the basics of IT security to your users within your organization. Our advice:
- Implement technical solutions (anti-spam, firewall, anti-virus, etc.) to protect your equipment.
- You should also opt for organizational solutions such as Avant de Cliquer to raise awareness among your employees. Train your teams on the risks of the internet and good practices, and help them adopt these practices on a daily basis to limit risks. Teach them how to respond to danger, because there is no such thing as zero risk. That's why training people remains an essential form of protection.
