A “vicious cycle” involving Chief Information Security Officers (CISOs) and cybersecurity vendors, caused by miscommunication, means businesses are not as well-protected as they should be.
This is according to a new report from cybersecurity firm Kaspersky, based on a poll of 240 CISOs and 2,000 UK adults, which asserts that employees don’t understand and often circumvent the cybersecurity measures put in place by their employers.
The problem is two-fold: CISOs claim the information they receive from vendors is too complex to be passed on to employees, while vendors are unable to fix problems for lack of tailored insight.
To address the issue, employees need to be better educated on the dangers lurking in the digital realm, claims Kaspersky. Education has gained even greater importance over the last year, as the majority of workers are now remote and rely on the internet as never before.
Employees should be encouraged to use strong passwords and a corporate VPN, update their devices regularly, store data in one place for easier retrieval, encrypt important data and back it up frequently.
“These results highlight an alarming disconnect between vendors and enterprises, leading to flaws in cyberdefenses and a lack of the right technologies being harnessed to ensure strong cybersecurity posture,” said David Emm, Principal Security Researcher at Kaspersky.
“However, this can be reversed with better communication and understanding of what enterprises require in order to protect their sensitive data, and it is up to the vendor community to drive this change. In the immediacy, amid remote working, keeping valuable assets protected, as well as employee education and empowerment, are of vital importance, alongside protecting all employee devices with comprehensive security software. With many employers ruling out office working in 2021 altogether, businesses can’t afford not to get remote working security right.”