Many Kiwi employers not offering cybersecurity training: survey
While 40% of Kiwi workers admit that they are also concerned of falling victim to a scam or phishing attempt on their work devices, only half of employers are offering training courses or education to prevent a cyberattack.
"It's alarming to see that a third of New Zealand's workforce don't feel equipped to stop themselves from being duped by a hacker at work," said Joseph Lyons, CEO of ELMO Software which did the survey.
"But what's most concerning is the fact that half of businesses are overlooking one of the most crucial methods to prevent attacks - training their staff."
Mid-sized businesses were also given a warning after the survey of 500 Kiwi workers in New Zealand found that only 30% of the respondents from such businesses said they were provided with training.
Lysons said mid-sized businesses might think they're less of a target, but C-suite leaders need to be reminded that being targeted by an attack remains a "very real responsibility."
"Given the financial and reputational risks, not to mention the impact on employees' data, businesses need to seriously consider whether they have the right technology and training in place to keep their organisations secure," Lyons said.
Human error leads to cyberattacks
Meanwhile, ELMO's findings also revealed that 22% of employees are using apps, software, or devices that aren't approved by their company.
"It's alarming to see that a third of New Zealand's workforce don't feel equipped to stop themselves from being duped by a hacker at work," Lyons said. "But what's most concerning is the fact that half of businesses are overlooking one of the most crucial methods to prevent attacks - training their staff."
He warned that there is a "very real" risk that comes with these actions.
"This type of behaviour can lead to malware and ransomware attacks, as well as other cyber threats," Nunez said. "Imagine trying to determine the source of an attack if the IT department doesn't have visibility across the company."
Previous research has underscored that business leaders are worried that internal staff error may be the source of their next security breach.
Mitigating cybersecurity risks
"Mitigating these risks requires an approach that spans people, processes, and tools," Nunez said. "Supplier security and employee education, as well as having the right tools to quickly detect and disable unauthorised applications, are at the core of our ISO 27001:2022 certification."
As a result, HR needs to step up, said Lyons.
"Cybersecurity is no longer the sole responsibility of IT departments, especially given the rise in attacks that target human vulnerability," he said.
"HR leaders need to be working alongside their IT and Finance counterparts to develop continuous training and ensure the employee data they hold is kept secure."