Information security awareness: 4 trends for 2021
As much as technological resources have advanced with the digital transformation, their effectiveness can still be hindered by human error.
A large portion of data breaches, intrusions, and cyber-attacks stem from basic end-user errors. These user errors are the primary target for attackers looking to infiltrate business networks.
Information security awareness is gaining more importance in the business community, especially due to the increased requirements of the 2016 General Data Protection Law.
According to a survey by Eskive, a Flipside information security monitoring platform for human vulnerabilities, 66% of companies dedicate only 1-25% of all information security time to awareness programs and only 6% of companies have a professional dedicated to the area of user awareness.
The figures show that businesses still have a long way to go to raise awareness and train and educate users.
In addition to this data, the survey defines 4 Security trends for 2021 directly related to the development of information security awareness. The trends are developed according to the degree of security maturity of the business and the budget allocated to the program
See 4 Security trends for 2021 directly related to the development of information security awareness:
Table of Contents
1. Remote work security
Most companies were not prepared to change their work regime and had to adapt quickly to ensure the continuity of their operations.
To ensure a safe environment, no matter where the worker connects from, the recommendations are:
- Adoption of policies that regulate remote work
- Use of virtual private network solutions or similar resources, which guarantee the protection of data on the network
- Privileged access control,through the use ofPAM tools
- Reinforcement of user authentication (MFA),combining various ways to confirm user identity
It is important that the business has a data classification policy and supervises its application, as non-compliance with data processing and the use of inappropriate controls can cause problems related to LGPD.
3. Manage privileged access
According to a report by GetApp, companies that allow full access to corporate data are more likely to suffer data breaches (50.7% of reported breaches) than those that limit access to data (12.6%).
According to the 2016 Forrester PIM Wave, 94% of the vulnerabilities recorded in 2016 could have been prevented just by removing administrator rights for ordinary users.
For this reason, managing privileged access is essential to decrease the attack surface. Through PAM, access control over privileged administration tasks is carried out, protecting the organization from violations that use privileged administrator accounts to access confidential data and critical settings.
4. Protection against phishing and online scams
The year 2020 positioned Brazil among the 10 countries that suffered the most phishing attacks. There were 47 million malicious emails circulating among Brazilians. According to research in the area, one in eight users in the country accessed at least one infected link.
In this scenario, it is vital that employees know how to identify scams online, protecting not only the companies they work for, but also their personal digital lives.
Create a Culture of Information Security and requires planning, periodic training, and engagement actions.
Each user must feel responsible for the company’s security, understand the importance of having a secure digital posture, and know the main techniques used by cyber criminals.
The information security maturity process takes time and requires a dedicated professional.
Generally, the Information Security Awareness Specialist is responsible for implementing this culture within the company. This professional must have multidisciplinary skills and will need to interact with all areas of the business.
VaultOne is a privileged account management solution that solves security problems by centralizing passwords in a digital safe, allowing users to access resources (servers, computers, social accounts) without the need of a password.
Instead of entrusting all resources to a password, an administrator can create a secure connection between the user and the resource using VaultOne to grant access.
Find out what VaultOne can do for your company. Talk to our experts today.