Only Half of All Organizations Have Refreshed Their Security Strategy Based on the Pandemic

Stu Sjouwerman | Apr 19, 2022

A new study published by Ponemon Institute shows that a material portion of organizations are still using pre-pandemic security processes and policies, putting those organizations at risk.

It seems logical that, with all the shifts in how cyberthreats have been delivered, executed, and monetized over the last two years, every single organization would be taking note and aligning its protective, preventative, detective, and responsive strategies accordingly. But Ponemon’s latest report, Security Innovation: Secure Systems Start with Foundational Hardware, offers some great details on how organizations have and haven’t changed their strategies.

According to the report, only 53% of organizations have refreshed their security strategy over the last two years.

Of those that have refreshed their strategy, the following priorities have changed:

  • Emphasis on the remote workforce (66%)
  • Expanded use of automation and AI tools for security operations (56%)
  • Use of cybersecurity compliance, risk management and privacy frameworks (52%)
  • Heightened awareness among employees about cyber hygiene (54%)
  • Increased accountability among employees (40%)

While the strategy changes above are certainly moving organizations in the right direction, it’s a bit saddening to see that, of the 53% that have refreshed their strategies, only about half are doing the right thing.

Focusing in on Security Awareness Training for a moment, 54% of 53% of organizations means only about 28% of organizations are putting a newfound emphasis on educating employees on how to identify and avoid phishing and social engineering attacks.

If the pandemic has taught us nothing else about the state of cyberattacks, it has shown us that phishing and social engineering are the most often used – and most effective – initial attack vector, requiring a focused defense – one found in Security Awareness Training.
