Proofpoint: APAC Employees Are Choosing Convenience, Speed Over Cyber Security

CISOs cognize champion signifier accusation information absorption comes down to radical arsenic overmuch arsenic technology. Without employees and a robust information civilization connected your side, tech deployment volition not halt menace actors, who proceed to find their mode into organisations.

It appears Asia-Pacific employees are not getting the message. Cyber information institution Proofpoint precocious surveyed 7,500 employees and 1,050 information professionals successful 15 countries, including Australia, Japan, South Korea and Singapore. The institution recovered that successful the Asia-Pacific, galore employees confess to behaviours that summation the hazard of compromise — similar accessing inappropriate websites — contempt knowing what they are doing is risky.

Many employees mention convenience and the request for velocity arsenic reasons. A ample proportionality are besides inactive unsure of their information responsibilities oregon judge it is idiosyncratic else’s job, contempt the concern that has gone into cyber information acquisition and consciousness crossed the region.

How galore employees are taking risky actions?

63% of employees successful the 4 surveyed countries successful the Asia-Pacific portion instrumentality risks with security, according to Proofpoint’s State of the Phish report. To marque this uncovering much troubling, a immense proportionality of them (98%) knew what they were doing was risky portion they were doing it but did it anyway.

SEE: Stay up of these top cyber information trends successful Australia.

However, Japanese employees instrumentality the fewest cybersecurity risks. Over fractional (53%) of respondents from Japan accidental they ne'er instrumentality risky action, compared with a 29% planetary average. Proofpoint speculated that Japan’s taste values and a absorption connected subject whitethorn beryllium down Japan’s comparatively amended show connected information behaviour.

Asia-Pacific employees instrumentality little risks than those successful planetary markets

Asia-Pacific employees are little apt to instrumentality risks erstwhile compared with the planetary mean but much apt to bash truthful erstwhile they cognize they should not. Proofpoint’s planetary statistic amusement 71% of users astir the globe instrumentality risky actions, and 95% of planetary employees who instrumentality risky actions are alert of the risks they are taking.

What risky actions are employees taking?

Proofpoint recovered 4 of the apical 5 risks cited by information professionals are communal behaviours among users. For example, the apical hazard cited by cyber pros — accessing an inappropriate website — was the 4th astir communal risky behaviour among employees. (Figure A). Proofpoint suggested employees whitethorn beryllium unclear these are risky.

Figure A: Proofpoint recovered grounds Asia-Pacific employees are engaging successful behaviours cyber information professionals sanction arsenic being risky. Source: Proofpoint

The astir communal risky behaviour admitted to by employees surveyed successful the portion was the usage of a enactment instrumentality for idiosyncratic activities. This is contempt the information that this tin summation susceptibility to phishing. For example, employees whitethorn person and spot phishing emails they person successful a idiosyncratic account, putting information astatine risk.

Employees were besides actively reusing oregon sharing passwords, connecting their enactment instrumentality without utilizing a VPN successful a nationalist place, and responding to email and SMS messages from idiosyncratic they didn’t know.

Why are employees taking risky actions?

Employees revealed the superior reasons wherefore they prosecute successful risky cyber information behaviour:

• 54% took risks due to the fact that it was much convenient.
• 38% had done truthful to prevention clip connected their work.
• 23% had behaviour driven by an urgent deadline.

Less communal reasons wherefore employees took risks with cyber information were besides unearthed:

• 19% took risks to prevention money.
• 19% had chopped corners to conscionable show objectives.
• 11% were trying to conscionable a concern gross target.

PREMIUM: Protect your organisation with an information information policy.

Employees unsure astir their information responsibility

Employees successful the Asia-Pacific portion were the astir apt among planetary employees surveyed to accidental they were unsure astir their idiosyncratic work for cyber security. Proofpoint recovered that 57% of employees surveyed successful the portion said they were unsure astir their responsibilities, compared with 54% astir the globe.

The survey besides revealed IT information teams are overconfident astir employees’ level of work awareness. While 84% of IT information individuals surveyed said their employees believed they were liable for security, lone 39% of employees themselves said they counted this arsenic portion of their responsibilities (Figure B).

Figure B: Many Asia-Pacific employees are inactive unsure if cyber information is their responsibility. Source: Proofpoint

What tin Asia-Pacific organisations bash astir the worker problem?

There is nary uncertainty that cyber professionals successful APAC request employees to summation clarity implicit their responsibilities erstwhile it comes to cybersecurity. After all, APAC was named ‘ground zero’ for cyber transgression maturation successful 2023, erstwhile it experienced the highest year-over-year summation successful play cyberattacks during the archetypal 4th of 2023.

Make pursuing cyber information champion practices easy

Proofpoint’s survey makes wide employees are taking risks wherever it is much convenient oregon saves them time. Cyber information professionals tin lone trim this hazard if they endeavour to marque pursuing unafraid practices arsenic elemental arsenic imaginable and region immoderate barriers employees whitethorn look to doing the close thing.

PREMIUM: Consider utilizing email templates for information alerts.

For example, this whitethorn impact moving with IT teams to guarantee thing arsenic elemental arsenic streamlined entree to an businesslike IT assistance desk. This would guarantee streamlined entree to a VPN, debar them connecting to unsecured networks and woody with relationship oregon password issues to region the temptation of sharing passwords.

“Work with concern stakeholders and prioritise ease-of-use erstwhile implementing information policies,” Proofpoint said successful its survey. “Users volition beryllium little inclined to circumvent systems if information aligns with their goals. And they are much apt to usage a power if it is intuitive and does not necessitate immoderate training.”

Educate to physique cyber information consciousness and culture

Education and raising consciousness volition proceed to play a captious role. If employees successful the portion are inactive unsure successful galore cases astir their relation successful accusation information management, it lone makes consciousness to boost concern successful delivering engaging cyber information grooming resources that tin enactment an uplift successful knowing of threats.

This could see grooming resources that absorption connected the apical risks of cyber information professionals. Employees could beryllium amended informed astir practices similar clicking connected links oregon downloading attachments that could summation phishing oregon malware risk, portion being supported with tools that emblem emails arsenic coming from extracurricular the organisation.

Building a beardown cyber information civilization is the endgame. Organisations that person occurrence with engaging employees successful cyber information often enrol employees successful helping the organisation spot issues. For example, a phish reporting Slack oregon communications transmission tin enactment arsenic a conveyance for reporting, steadfast contention and unit reward.