While companies have long been concerned about external bad actors breaching security, internal threats are gaining prominence.
This is according to a survey, conducted by
When a breach does happen, too, many are not confident that their firms will be prepared. The survey found somewhat muted faith in current safety measures, with the largest share (51%) saying they are only "somewhat prepared," while 39% feel "very prepared," 6% feel they are not at all prepared in their overall cyber defense strategies, and 4% are unsure. When asked about internal cyber defense, 57% are "somewhat confident," 37% are "very confident," and 6% are "not at all confident."
This lack of confidence, said the report, underscores a lack of training and education around cyber security matters. Only half (50%) said they are conducting cybersecurity training on a regular basis. A total of 44% held a training within the prior six months, while 25% held a training more than seven months ago, and an alarming 31% said they had never held a single training event.
"A decade ago, business leaders likely equated cybersecurity breaches with external hackers, but the new normal of virtual and hybrid work has exposed a wide array of new cybersecurity threats, many coming from the inside," said Rahul Mahna, partner and head of outsourced IT services at EisnerAmper, in a statement. "Businesses need to optimize their resources to ensure they are sparing no proactive measures. An important first step is training staff and refreshing that education at regular intervals. Given the increase in virtual/hybrid work, most companies should be conducting cybersecurity training at least quarterly. It's far more efficient to spend up front on education, state-of-the-art software and hardware and, most of all, reliable IT staff who feel a stake in the company's success."
