Despite the fact that ransomware incidents are increasing daily, 93% of Indian companies said that the biggest challenge is a lack of cybersecurity awareness among employees and board level executives.
Over the past 12 months, Sophos, a UK-based cybersecurity firm, commissioned research to better understand cybersecurity expenditure and self-assessed maturity in organizations across Asia Pacific and Japan. The Future of Cybersecurity in Asia Pacific and Japan, in its third edition of its survey report, received 900 responses from Australia, India, Japan, Malaysia, the Philippines, and Singapore.
Only 61% of Indian companies believe their board fully understands cybersecurity, according to the survey report. Worse, their executives believe that cybersecurity is easy, and their cybersecurity personnel overstate threats and issues.
86% of respondents also believe that cybersecurity vendors do not give provide with the information they require to help in educating the executives. Around 93% of companies agree that their biggest security challenge in the next 24 months is to create the awareness and education of employees and leadership.
Aaron Bugal, Global Solutions Engineer, Asia Pacific and Japan, at Sophos, in a statement said “With ransomware attacks continuing to become more complex, organisations need a genuine, actionable cybersecurity education programme,”
“Cybersecurity professionals continue to face many frustrations in their roles this year, with many feeling their warnings and messages fall on deaf ears. The challenge for cybersecurity professionals faced with low levels of security understanding among company boards is that many are unlikely to invest in the necessary programmes to alleviate these frustrations.
Bugal said “The issue isn’t technology, it’s education. Increasing spend on cybersecurity won’t help unless organisations understand from the top down the true nature and critical threat that cyberattacks constitute to their organisational capabilities, their customers and their own existence,”
He suggested that cybersecurity education be prioritized. Boards must help in understanding that it is difficult to secure everything and that securing the most critical information, data, and systems must be prioritized.
All employees should have access to education courses on basic principles, genuine likelihood of an attack, attack vectors, threat actors, and other terminology.
Businesses should also understand compliance, the regulatory environment in which they operate, what is legally needed in the event of a data breach, and what measures and appropriate controls are in place to ensure data security and management.
Bugal said “Shifting priorities to become more proactive must start at the top and requires direction from executives, including investments in awareness and education across entire organisations,”