Monday, May 30, 2005

#53 Employee awareness is sadly lacking

This was an interesting read about the lack of user awareness or education training around IT security and the obvious impact it has on your organisation.

In an Ernst & Young study, more than 70% of 1,233 organizations surveyed failed to list training and raising employee awareness of information security issues as a top initiative. Even though 93% of businesses have antivirus software in place, 72% of businesses received infected e-mail files during 2004, and roughly two-thirds of large businesses experienced virus infections or denial-of-service attacks last year. And still, less than half of Ernst & Young's respondents provide their employees with ongoing training in security. According to Meta Group research, 75% of organizations have found that lack of user awareness damages their security programs' effectiveness. Organizations across every industry must take the time to develop a security awareness program, which could turn out to be the missing link -- the most powerful link -- in their chain of defense.

This really presses home a point that I always harp on with my customers, and even though they acknowledge the benefits, very few manage to execute on such a plan. This article goes on to make some suggestions for hard-pressed CSOs or IT managers about how to kick such a program off.