Increased investment in employee training can reduce the risk of a company's cyber security attack by up to 70 percent, according to a new study.
The analysis, compiled by Pittsburgh-based Wombat Security Technologies with Boston research firm the Aberdeen Group, showed altering employee responses to threats from social media, phishing or other applications reduced the risks of those security breaches by 45 percent to 70 percent.
In addition, the study found a lack of employee training can dilute even significant investments in IT security, calling end users “perhaps the greatest evolving security threat.” Wombat and Aberdeen also developed a model to address, in part, the likelihood of cyberattacks and their potential impacts on businesses.
“Many security officers intuitively know that security education is an important line of defense against cyber crime, but they have trouble convincing senior management to spend the money necessary to execute an effective training program,” said Wombat President and CEO Joe Ferrara.
The analysis follows the high-profile North Korean cyberattack on Sony by last year ahead of the release of the satirical film, “The Interview,” as well as security breaches by Target, J.P. Morgan Chase and Home Depot. In addition, President Obama today proposed a slew of new laws aimed at strengthening cybersecurity protections.
A cybersecurity expert with the International Society of Automation, meanwhile, argued last year that the industrial sector could be particularly vulnerable to attacks due to inadequate training and complacency in the industry.