Businesses are failing to train employees sufficiently in security policies

A new piece of research from Intel Security – released in conjunction with a Vanson Bourne study which surveyed IT decision-makers in European companies including the UK – has highlighted the threats facing the corporate network, and the dangers of failing to train non-technical staff members in security procedures and policies.

The research points out that sales staff are the most exposed to online attacks due to frequent online contact with the general public, as are customer service personnel – yet 51 per cent of organisations don't provide security training for sales staff.

52 per cent of firms in the UK failed to give customer service personnel proper security training, and 60 per cent did not train receptionists and other front of house staff members.

And if you thought that was bad, one particular statistic is the most worrying of all – one in 10 UK firms fail to provide mandatory online security training to any of their employees. That's the highest rate of failure across all the European countries surveyed, sadly.

The report also noted that the number of suspect URLs which untrained staff could blindly click on has grown by 87 per cent from 2013 to 2014, meaning risks to the company network are increasingly present.

Intel also observed an increase in advanced stealth attacks, with 387 new threats uncovered every minute.

Intel noted that almost a third of businesses only review their security strategy once per year, or less frequently, and even given this, 75 per cent of UK IT pros still believe their organisation's strategy takes into account threats such as these constantly emerging advanced stealth attacks.

The Intel report also identified the main types of network attacks which are threatening businesses, a list which is topped by browser attacks (and the rise of dodgy links, as mentioned), which is followed by network abuse, stealth attacks, "evasive technologies" and SSL attacks (the latter now representing some 83 million network attacks every quarter).

Ashish Patel, regional director of network security UK&I Intel Security, commented: “With suspect URLs in particular on the rise, companies cannot afford to overlook non-technical staff when it comes to security training – as these employees are often the most susceptible to online threats.

“Meanwhile the significant growth of network attacks relying on methods such as DDoS, ransomware, SSL attacks and advanced stealth techniques should urge IT departments and security professionals to assess their security strategies in line with these rising threats. Beyond simply deploying new security technology, IT professionals should assess how their existing systems communicate with each other to better secure their entire network.”

Image credit: Shutterstock/pixeldreams.eu