New research has found that as many as 36% of IT leaders have disabled security measures on their systems, and as many as 70% have admitted to reusing system passwords.
IT leaders have a lot of confidence in their organizations, as 80% say their employees would not fall for a phishing attack. That said, 64% of leaders have clicked on phishing scams themselves.
Despite this, a study by Arctic Wolf say they can quickly punish others for mistakes, with 27% witnessing an employee being fired for falling victim to a scam.
Do as we say, not as we do
The report not only outlines the gap between IT leaders and their employees, but also, if you’ll pardon the drama, between leaders and reality. Many overestimate their organization’s ability to recognize phishing attacks and are overconfident in their cybersecurity.
According to the report, despite their assurance, 83% of leaders have seen employees click on phishing simulation links, and 61% of leaders have reported one or more cybersecurity breaches in the past 12 months.
“Cyber security isn’t just about technology, it’s about people. As threat actors become more sophisticated, security leaders must move beyond traditional security training methods and adopt a comprehensive human risk management strategy that will not only help them better identify and mitigate threats, but, more importantly, create a more proactive and security-conscious workforce promote. ” says Adam Marre, head of information security at Arctic Wolf.
The threat landscape is rapidly evolving and phishing attacks are becoming more sophisticated and common, meaning overconfidence can leave companies vulnerable. Now more than ever, businesses need robust cybersecurity, and that requires an honest assessment of risks and vulnerabilities.
