RealTime IT News

Survey: Employees Shift Blame for Security Lapses

Cartoonist Walt Kelly once famously noted, "We have met the enemy and he is us." A new cybersecurity survey conducted by the Information Technology Association of America (ITAA) and Brainbench, an online testing and certification firm, seems to once again underscore that truth.

The recently completed survey of approximately 800 IT professionals shows that while the respondents tend to rate themselves highly, they tend to give their co-workers low-to-failing grades with respect to cybersecurity. Sixty-five percent of respondents said their co-workers ignored it, didn't want to be bothered or just didn't know what to do.

In dealing with cybersecurity issues, the survey says, employees often shift the responsibility elsewhere, with almost half (49 percent) of survey respondents saying their company is doing "a poor job, or is providing little, sporadic, incomplete or no security information at all."

Overall, the study indicates individual computer users overwhelmingly believe that cybersecurity is someone else's problem, not their own; many people have gained their cyber security skills through informal channels. In addition, a substantial number think that their employers are doing at best only a fair job of giving people the education and training they need to avoid harmful situations.

"The survey shows that, when it comes to information security, too often, 'ready, shoot, aim' is the order of the day. Companies need to understand what their employees do not understand when it comes to safe cyber practices," said ITAA President Harris Miller. "And companies need a better, faster, more cost effective way to figure it out -- and fill in the awareness gaps."

Miller said the survey shows that 46 percent of workers have either no formal training in information security practices or they learned IT security "here and there." Only 39 percent of the respondents says they received their training on the job.

Moreover, 36 percent said they are either not sure who to do about cybersecurity issues, or they are not particularly interested in "taking any steps to protect their organization's infrastructure.

The ITAA and Chantilly, Va.-based Brainbench used the occasion of the survey results to roll out a new program, the Information Security Awareness Certification (I-ACERT), designed to help companies bolster their cybersecurity efforts. To gain I-ACERT certification for an organization, 90 percent of its computer users must take the test, and 85 percent must pass the test with a score of 2.75 or better on a five-point scale.

"The security survey results shows the need for effective methods that can help organizations rapidly identify and eliminate the security knowledge gaps," said Brainbench CEO Mike Russiello. "We have responded to these challenges by offering online Computer Adaptive Tests that were designed by Brainbench to cover eight critical security topics and fit any level of cyber defense proficiency.