EMPLOYEES AWARENESS OF CYBERSECURITY IN DEVELOPED AND DEVELOPING COUNTRIES
Abstract
The control of cyberspace has, ever since the start of the 21st century, been anew
kind of global conflict. Cybersecurity awareness needs be at a very high level amongst
those who seek control over this cyberspace, and this goes much farther than simply
understanding what cybersecurity is and the reasons for its significance. This is a
much broader subject and involves a proper understanding of best internet security
practices and what types of behaviour should be avoided. In excess of 80 per cent of
attacks are the result of human error. So it is essential for each and every individual
employee within an organisation to have good cybersecurity awareness. As the speed
of technology and the danger of cyber war increases, countries start to implement
cybersecurity. This paper aims to is to discover the levels of employees’ awareness of
cybersecurity in a developed country United Kingdom (UK) and a developing country
Saudi Arabia(KSA); to examine what best practices organisations should follow in
order to increase the awareness of their employees and to examine the differences and
similarities in awareness from one place to another. 40 British employees and94 Saudi
employees participated in the survey I did to test awareness. I then conducted two
interviews with one British and one Saudi cybersecurity expert,to discuss the results of
the survey and to know more about cybersecurity awareness in the UK and KSA. The
result shows that the awareness levels of British employees and Saudi employees are
close. Cybersecurity is a global issues exceeded the limits of country development the
human error will still cause many cyber attacks unless organisations follow the best
ways to improve their employees awareness and encourage them to behave securely
online for example regular back up, software updates when they appear, using password
manger and 2FA.Organisations should make their employees aware about cyber attack
examples. Furthermore, they should have a good CSO to deliver training to ensure that
it is interesting and effective and that a company should not punish or fire staff who
failed phishing tests because they just need more training, training must be continuous,
not just one-off sessions and these must be tailored to the needs of the organisation
and the employees.