A recent survey at Infosecurity Europe 2023 reveals that over half of cybersecurity professionals engage in risky behaviours at work, with 80% observing their colleagues doing the same. The most common risky behaviours include using entertainment or streaming services, sharing personal information, and opening malicious email attachments. Security awareness training is crucial to cultivate a strong security culture within organisations. Interestingly, individuals in marketing/sales are seen as the most likely culprits of these behaviours. Companies need to address these behaviours at all levels and prioritise cybersecurity to minimise risks and protect sensitive data and infrastructure.
- Over half (55%) of cybersecurity professionals engage in risky behaviours at work, putting their companies at risk.
- 80% of cybersecurity professionals have observed their colleagues participating in the same risky behaviours.
- Security awareness training and the cultivation of a strong security culture are crucial in mitigating these risks.
A recent survey conducted at Infosecurity Europe 2023 has exposed some shocking revelations about the behaviours of cybersecurity professionals. It turns out that these guardians of digital safety are not as squeaky clean as we might think. In fact, over half of them have admitted to engaging in risky cybersecurity behaviours while on the clock. And what’s even more alarming? They’ve observed their colleagues doing the exact same thing. Buckle up, folks, because it’s time to dive into the world of cybersecurity professionals gone rogue.
Risky Behaviours at Work
The survey found that the most common risky behaviours among cybersecurity professionals included using entertainment or streaming services (33%), sharing personal information (15%), signing up to too many email subscriptions (15%), and opening malicious email attachments (13%). Other activities included downloading malicious applications (9%), using gaming/gambling websites (8%), using unauthorised removable media like USBs (8%), using unauthorised cloud backup or storage for work documents (8%), and using adult entertainment websites (3%).
Observations of Colleagues
The survey also revealed that cybersecurity professionals have observed their colleagues engaging in risky behaviours as well. Over half (52%) of the professionals surveyed have seen their colleagues using entertainment or streaming services, 43% have noticed them opening malicious email attachments, and 42% have caught their co-workers sharing personal information. Other observed behaviours included signing up to too many email subscriptions (33%), using unauthorised removable media like USBs (31%), downloading malicious applications (30%), using unauthorised cloud backup or storage for work documents (29%), using gaming/gambling websites (28%), and using adult entertainment websites (19%).
The Importance of Security Awareness Training
Javvad Malik, lead security awareness advocate at KnowBe4, the provider of the survey, emphasised the need for regular security awareness training and the cultivation of a strong security culture within organisations. “Creating a security culture requires a shift in attitude, behaviour, perception of responsibility, and overall organisational norms, so that best practices are embedded into everyday operations and thinking,” says Malik. He believes that if cybersecurity is recognised as a company-wide priority, employees will be more mindful of their actions and better equipped to respond to potential threats.
Identifying the Culprits
Interestingly, the survey found that individuals in marketing/sales (26%) were seen as the most likely culprits of these risky behaviours, followed by individuals in the C-suite (17%) and the IT department (11%). This highlights the importance of addressing these behaviours across all levels of an organisation and ensuring that everyone is aware of the potential risks.
Final Thoughts
The survey results serve as a reminder that even professionals in the cybersecurity industry are not immune to engaging in risky behaviours that can put their companies at risk. Regular security awareness training and the establishment of a strong security culture are crucial in mitigating these risks. As Javvad Malik suggests, cybersecurity should be a recognised priority across all levels of an organisation. By doing so, employees will become more cautious in their actions and better able to respond to potential threats.
So, there you have it – a wake-up call for the cybersecurity industry. The survey results have shown that even those entrusted with protecting our digital fortresses are not immune to risky behaviours that could jeopardise their companies. It’s high time for organisations to take action and prioritise security awareness training. By fostering a strong security culture and making cybersecurity a company-wide concern, employees will become more mindful of their actions and better equipped to tackle potential threats. Let’s not forget that the culprits of these risky behaviours can be found across all levels of an organisation, so it’s crucial to address the issue comprehensively. By doing so, we can minimise the risks of cyberattacks and ensure the safety of our sensitive data and infrastructure. Stay vigilant, my friends, and remember that cybersecurity is everyone’s responsibility.
FAQ
Q: What were the most common risky behaviours observed among cybersecurity professionals?
A: The most common risky behaviours among cybersecurity professionals included using entertainment or streaming services, sharing personal information, signing up to too many email subscriptions, and opening malicious email attachments.
Q: What percentage of cybersecurity professionals admitted to engaging in risky behaviours at work?
A: Over half (55%) of the cybersecurity professionals surveyed admitted to engaging in risky behaviours while at work.
Q: How many cybersecurity professionals have observed their colleagues participating in risky behaviours?
A: 80% of the cybersecurity professionals surveyed have observed their colleagues participating in risky behaviours.
Q: Which departments within companies were seen as the most likely culprits of risky behaviours?
A: According to the survey, individuals in marketing/sales (26%) were seen as the most likely culprits of risky behaviours, followed by individuals in the C-suite (17%) and the IT department (11%).
Q: What does Javvad Malik, the lead security awareness advocate at KnowBe4, recommend to address these risky behaviours?
A: Javvad Malik recommends regular security awareness training and the cultivation of a strong security culture within organisations. He believes that if cybersecurity is recognised as a company-wide priority, employees will be more mindful of their actions and better equipped to respond to potential threats.
Q: Why is it important for companies to address the risky behaviours of cybersecurity professionals?
A: It is important for companies to address the risky behaviours of cybersecurity professionals to minimise the risk of social engineering, phishing, malware, and scams. By promoting a culture of security awareness, companies can ensure the protection of their sensitive data and infrastructure.