Protecting sensitive data isn’t as simple as it used to be and as cyberthreats evolve, consistent cyberhygiene must become common practice.
We are living in a world that has been taken apart and remoulded by advanced technologies that show no signs of slowing down. From medical breakthroughs, triumphs in sustainable living and increased social awareness, each year brings countless innovations that have the potential to improve our lives in ways we previously only dreamed of.
Recent events, for example Trump’s repealing of former President Biden’s AI safety Act and a string of high-profile organisational breaches have shown that globally, we are in a position of cyber vulnerability, that if ignored may have serious repercussions for the individual, companies and entire industries.
In an era of arguably insufficient cybersecurity and growing malicious behaviours, employees and organisational leaders have an obligation to ensure that all data, be it personal or company-owned, is protected. However, a recent study issued by CybSafe and the National Cybersecurity Alliance (NCA), has shown that 38pc of people surveyed admitted to sharing confidential information with organisational AI tools, unbeknownst to their employers.
Information overload
CybSafe and the NCA surveyed more than 7,000 adults, diverse in age, country of origin, employment status and background, to determine how people engage with cybersecurity, particularly in relation to AI, password hygiene, multi-factor authentication, software update installations, phishing attempts and data backups.
What was discovered was that over a third of those surveyed had questionable cybersecurity practices, in that they had shared sensitive data with company AI tools. Unsurprisingly, younger generations, that is 46pc of GenZ and 43pc of Millennial respondents, were found to be more likely than their counterparts to share private information with workplace AI tools, without the consent of organisational leaders.
The report suggests that this may be related to the level of trust placed in AI by different generations. For example, while the majority of participants (65pc) stated that they saw the risks of cybercrime, those in older age groups, namely the Silent Generation and the Baby Boomers showed the highest level of concern overall.
“This generational gap might be down to younger generations’ greater familiarity and comfort with technology, which gives them more confidence in managing and mitigating risks,” stated the report. “Additionally, they may perceive the benefits of AI to outweigh the potential risks, or feel they have a better understanding of how to protect themselves against the risks.”
Consistently lacking
According to software company Cyberhaven, 11pc of all data copied and pasted into ChatGPT is confidential in nature, reportedly resulting in sensitive organisational information being exposed hundreds of times a week. For the authors of the NCA report, it all comes down to training.
For the first time in four years of issuing their report, access to training has increased for participants, with 33pc of those surveyed having used it. However, numbers are still too low, with more than half (56pc) stating they either don’t have cybersecurity training access or are unaware of any available options.
When it comes to generational trends it is the older generations who, despite their concerns over the potential risks of cyber activity, have the least access, when compared to their younger counterparts.
“Despite the positive trend in increased access to training, a substantial number of older participants still do not have access to cybersecurity training, with 90pc of the Silent Generation, 80pc of Baby Boomers and 59pc of Gen X, in cyberskills purgatory. This certainly raises a king-size red flag, because when it comes to online safety, ignorance is categorically not bliss.”
Overall, the report highlighted inconsistencies in how individuals, organisations and institutions explore cybersecurity training. While it was discovered that more people are making use of training opportunities at home in their own time (42pc) compared to last year’s figures (37pc) and many accessed training through their educational facilities, only one out of every three is being equipped to stay secure against evolving threats.
“Furthermore, 71pc of those who completed training reported that it was a one-off session, whether it was individual or group, online or in person. Only 29pc reported continuous training over a period of time, whether individually or in groups.”
In fact, the report found that the most common reason people chose not to attend additional training opportunities was because they are of the opinion that they know all they need to, when it comes to security. Nearly a quarter (22pc) said that they did not have the time and one-fifth don’t believe that training will reduce their risks of being a victim of cybercrime.
“We’re not suggesting all is lost, by any means. People want to be secure. Indeed, a whopping 70pc feel staying safe online is still achievable. That said, now is not the time for complacency. Technology makers, governments, regulators, media houses and workplaces, listen up.
“This is a call for collective effort. Let us focus on building technology and environments that are safe to use and work in. Making security more accessible will help alleviate frustration, keep people engaged and ultimately, lead to sustainable safer behaviour.”
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
