Trend Micro’s Head in the Clouds study is distilled from interviews with 13,200 remote workers across 27 countries on their attitudes towards corporate cybersecurity and IT policies. Conducted in May 2020, the Singapore edition of the study surveyed 502 employees from a mix of large enterprises (49%) and small and medium-sized businesses (51%), across industries like IT, financial services, retail, and the public sector, among others.
It reveals that there has never been a better time for companies to take advantage of heightened employee cybersecurity awareness. Employees also display different attitudes and behaviours towards cybersecurity, which indicates that broad training might be too general to capture these differences.
A differentiated training approach targeting the different types of employees might be more effective in encouraging positive security practices, Trend Micro said. For instance, employees who are fearful of breaking security rules might benefit more from simulation exercises, where they are allowed to try and experience things they normally would not.
The results indicate a high level of security awareness among local employees, with the majority (89%) of respondents saying that they take instructions from their IT team seriously. Nearly nine in 10 (87%) of employees also agreed that they have a role to play in keeping their organisation secure, while 71% acknowledge that using non-work applications on a corporate device is a security risk.
 |
| Source: Trend Micro. Cloud security personas in 2020. |
However, just because most people understand the risks does not mean they abide by the rules. For example:
- Four in 10 (39%) of respondents say they often or always access corporate data from a non-work device – almost certainly breaking corporate security policy
- Sixteen percent are likely to click on a link offering free services, such as extra cloud storage and greater Internet connectivity, from an unknown email address
- Four in 10 (38%) of employees use public Wi-Fi when working remotely, without using the company virtual private network (VPN)
- Half (52%) of users confess to downloading or using a non-work application on a corporate device – of this pool, 35% of them did not request permission from the IT team
- Thirty-seven percent have actually uploaded corporate data to non-work applications
Cybercriminals are banking on such unsafe practices to attack businesses, Trend Micro warned. For instance, phishing tactics continue to be favoured by threat actors, as seen by the marked increase in Singapore-hosted phishing URLs detected last year – from 16,100 in 2018 to 47,500 in 2019***.
Productivity still trumps protection for many users. Almost two in five respondents (38%) agree that they do not give much thought to whether the apps they use are sanctioned by IT or not, as they just want the job done. Additionally, 14% would do whatever is quickest to send a client a file, even if that option is slightly less safe.
Dr Linda K. Kaye, Cyberpsychology Academic at Edge Hill University explained: “There are a great number of individual differences across the workforce. This can include individual employee’s values, accountability within their organisation, as well as aspects of their personality, all of which are important factors which drive people’s behaviours. To develop more effective cybersecurity training and practices, more attention should be paid to these factors. This, in turn, can help organisations adopt more tailored or bespoke cybersecurity training with their employees, which may be more effective.”
Nilesh Jain, VP of Trend Micro, Southeast Asia and India, added, “It is encouraging to see a majority of Singaporean employees recognising their role as the human firewall of their company. To close the cyber risk gap, especially caused by people who are either unaware of security policies or even those who think they are above the rules, organisations should not only provide training but take an opportunity to add guardrails and controls while understanding the users’ needs. Using a combination of both in a positive and easy-to-use fashion will hopefully encourage behavioural change and understanding.”
*Trend Micro’s Head in the Clouds study looks into the psychology of people’s behaviour in terms of cybersecurity, including their attitudes towards risk. It presents several common employee profiles based on their cybersecurity behaviors, with the aim of helping organisations tailor their cybersecurity strategy in the right way for the right employee.
The study is distilled from interviews with 13,200 remote workers across 27 countries on their attitudes towards corporate cybersecurity and IT policies. Conducted in May 2020, the Singapore edition of the study surveyed 502 employees from a mix of large enterprises (49%) and small and medium-sized businesses (51%), across industries like IT, financial services, retail, and the public sector, among others.
**Singapore’s ‘circuit breaker’ measures are an elevated set of safe distancing measures designed to pre-empt the trend of increasing local transmission of COVID-19. Measures include a stay-at-home order for most citizens, as well as closure of most establishments and workplaces.
***Singapore Cyber Landscape 2019, Cyber Security Agency of Singapore, June 2020
This comment has been removed by the author.
ReplyDelete