Irish Employer’s Bad Habits Increase Risk of Cyber Attack
It only takes a quick glance at the news to see another example of a company falling victim to a cyber threat like data theft or being disrupted via ransomware.
They are not alone; we have seen Sweeping cyberattacks targeting governments and other organisations in Europe. For example, Travelex fell victim to a devastating Sodinokibi ransomware attack over Christmas. It crippled their entire IT infrastructure for the best part of a month, and they are only now recovering from it. Given the connected world we live in, those threats can come from anywhere in the world.
In fact, our new research has revealed that 70% of Irish large firms have experienced problems with phishing, hacking, cyber-fraud, or other cyber-attacks. My own view is that this understates the reality. So pervasive are the attacks that I believe the number of firms being targeted is actually closer to 100%.
Annually Microsoft invests over €2 billion in cyber security and scans 450 billion emails for malware monthly. Microsoft Ireland’s latest research focused on four key areas of cyber risk: Identity Access Management, Security Management, Threat Protection, and Information Protection. The research has revealed that three in four leaders within organisations that employ upwards of 250 staff are worried about their organisation’s security. Further, only one in four decision makers are found to be confident they can respond to any security incident effectively. The latter of these statistics is particularly alarming with the undoubted rise in cyber attacks.
Regarding staff, only one in four organisations believe they have enough in-house talent to meet their cybersecurity needs, with over half struggling to find employees with the right cybersecurity skills. The top five concerns are inadequate password and security practices, ransomware attacks, the growing sophistication of cyberthreats, and loss of data through theft or sabotage.
Managing employee’s Identity Access Management (IAM)
While some organisations believe they have strong IAM processes in place, the research discovered that four in ten senior IT decision makers are quite worried about the digital threats they face, due to challenges in managing employee’s IAM.
Senior IT decision makers are particularly worried due to:
- Too many portals and passwords
- Escalating number of password reset calls to Help Desk and rising costs
- Lack of visibility and control across environments
This concern is reinforced by a previous study from Microsoft that showed 44% of employees use the same password across multiple devices, with a further 38% recycling passwords at work. One of the alternatives replacements to traditional passwords mentioned is the biometric verification (e.g. facial recognition or fingerprint).
Only 30% of senior IT decision makers have a clear strategy against cyber threats
While most large Irish firms have experienced problems with phishing, hacking, cyber-fraud, or other cyber-attacks, the research shows that only one in four companies believed they are well secured against such threats. At the same time, only 3 in 10 of senior IT decision makers believe they have a clear strategy for protecting and managing sensitive information. Again, referring to the previous research where we found 36% of employees have backed up corporate data to personal devices, there really is a significant gap between employee behaviour and IT leadership’s preparedness to facilitate such behaviour.
Even more worrying is that, despite the situation, approximately 69% of leaders are not planning to hire additional staff with cyber-security expertise. Of the 31% who are planning to bring on additional cyber-security staff, over half are finding it challenging to find the right candidate.
As threats continue to evolve, it is important for organisations to adapt and invest in their preventative measures. The findings suggest that nearly half plan to invest in either new software, training or recruitment, while four in ten plan to maintain their current budgets.
What keeps IT decision makers up at night?
The top five cyber-threat fears of those studied are:
- Inadequate password and security practices,
- Ransomware attacks,
- The growing sophistication of cyber threats,
- Loss of financial or other data through theft or sabotage, and
- Loss of intellectual property.
Bad habits expose organisations to data breach
Managing staff is challenging, and poor security habits leave organisations at risk. Senior management report they don’t allow employee access to their network from a personal or mobile device. This is in stark contrast to the 2019 findings from Microsoft that showed 49% of employees claim to use their personal email when working remotely.
Also worrying, over a third of those who have experienced a cyber-attack continue to allow their staff full access from personal and mobile devices.
When it came to using cloud computing as a solution to addressing large organisations IT challenges, 46% of Irish organisations’ senior decision makers claimed they had no security concerns moving their data or systems to ‘the cloud’.
The research shows that senior managers in large organisations are worried about protecting their organisation, as new technologies transform and disrupt their industry. A gap exists between organisations’ view of how secure they feel, versus the reality where their organisational security habits are leaving them open to data loss or hacking.
Iterative security policies and poorly implemented planning have spawned some bad employer habits. Organisations must now ensure they are taking a considered approach to data security, and embrace new procedures and technologies, coupled with consistent training, enforced policies, along with better device upgrades to enable employees to deliver the productivity needed for successful transformation with a minimum of risk to the organisation.