ABU DHABI // Companies are failing to provide their employees with basic cyber security awareness training, leaving their systems “wide open” to attacks.

Experts say that the vast majority of local organizations underestimate the “human factor” that allows online criminals to infiltrate companies’ internal networks, and many budget-cutting businesses do not see the value in investing in adequate training.

“If any organization lacks the initiative to provide cyber security awareness as a part of their cyber security platform, they might as well remove the doors and windows to their offices and invite the criminals in,” said Amir Kolahzadeh, managing director of ITSEC, one of the Middle East’s cyber security leaders.

Mr Kolahzadeh said it was of “utmost importance” that every single employee completed a basic cyber security awareness seminar and be able to identify ransomware, which encrypts data on infected machines and demands a ransom to restore it.

He said because the UAE was an “extremely safe environment”, it made people too trustworthy online.

“This naturally causes people’s guards to be down, versus if we lived in New York or London,” he said.

Research by Symantec and Deloitte found that more than two thirds of organizations in the Middle East were still incapable of protecting themselves from sophisticated cyber attacks.

Mr Kolahzadeh said there was a lack of will in organizations to invest in security measures.

Mike Weston, vice president of Cisco Systems Middle East, said that no matter how many sophisticated security technologies were deployed within an organization, a security solution was only as secure as its weakest link.

“UAE workplace security research conducted by Cisco and GBM showed employee behavior is a genuine weak link in cybersecurity and becoming an increasing source of risk – more through complacency and ignorance than malice – because companies have so insulated employees from the scale of daily threats that people expect the company’s security settings to take care of everything for them,” he said. “Training employees to understand that they too are liable on an individual level is of critical importance.

David Michaux, of online security company Whispering Bell, also said companies often underestimated the role their employees – from boardroom members to frontline workers – could play in preventing cyber crimes.

“Security awareness needs to be pushed down from the top and enforced,” he said. “This means it needs to be written into the HR policies and enforced by IT.”

Stephen Brennan, senior vice president of cyber network-defense at UAE cyber security company DarkMatter, said employers needed to have a rolling education program for staff.

“You look back at the old day and it was ‘loose lips sink ships’ – the only thing we are really talking about now is transferring this mindset to the digital domain.

“[It needs] a constant program of not just educating people but also positive reinforcement.”

Source: The National