A number of recent surveys have found that a great majority of the computing public is lacking in some basic cybersecurity knowledge. Despite the positive impact of what we like to call good internet "hygiene", the cybersecurity habits of your average user seem to be lacking in too many critical areas. The scary thing is that, for the most part, these are the very folks working on your network.
A recent Pew Research Center survey found that many Americans are unclear about some key cybersecurity concepts and even terms. A majority of users can identify a strong password when they see one and recognize the dangers of using public Wi-Fi. However, many struggle with more technical cybersecurity concepts, such as how to identify true two-factor authentication or even how to determine if an email they received was spoofed.
The results shed some light on the average worker's level of cybersecurity knowledge, which obviously differs greatly from that of cybersecurity professionals, who tend to overestimate what the general public knows about cybersecurity risks.
The discrepancy between what professionals and senior management think and what end users know and do could be a huge gap and may be the reason why few organizations have a security awareness training program for their employees.
As security becomes more complex, organizations are being tasked with making sure that it’s not just the IT department that's on the lookout for the next threat. These days, particularly in a multi-cloud environment, opportunities for breaches and hacks are coming in from all directions. Everyone agrees that from a security aspect, people are the weak link (i.e., "the human factor"). But are companies doing all they can to set up their users for success? Are employees truly being trained in the needed concepts of cybersecurity?
As we're working more and more in the "security" arena, I'm happy to report that we're starting to see the landscape change. Along with seeing more and more interest in protecting the network from internal and external vulnerabilities as well as performing deep-dive security assessments, we're also seeing senior management opening up to the idea of a more formal/ongoing security awareness training process for their staff.
Gone are the days of it being ok to sit someone down at a machine and expect them to just work; we're now seeing the expectations change where clients are seeing the value in investing in their staff so that they can become better and more aware cyber citizens. It's quite obvious that the more cyber-aware employees are, the more protected your network will be.
From an IT pro perspective, there are a lot of takeaways from the reports, including the risks associated with employees using work devices for personal activities like shopping online and playing games. Needless to say, employees and employers are going to have to do a much better job of managing their internet "hygiene" as the Internet of Things (IoT) complicates the security landscape even further.
If you don't currently have a formal, ongoing cybersecurity awareness training program in place, we'd strongly suggest you start considering it. If you'd like to take a quick quiz from the Pew Research Center to evaluate your cybersecurity knowledge, click here.
If you'd like to learn more about our security awareness training program, please feel free to contact me.
What do you think? Has this info been helpful? Let us know in the Comment box below or shoot me an email if you’d like to chat about this in more detail.