Building cybersecurity awareness remains a concern for many organisations, according to KnowBe4’s State of Privacy and Security Report, which found that a lack of IT security training is directly correlated with the risk of cyberattacks in the workplace.
In fact, 45 percent of the workforce believe that they have no need to take additional safeguards regarding cybersecurity because they don’t work in an IT department.
The report evaluated the amount of training the workforce was being given about cybersecurity and privacy best practices and then determined how much of it employees understood. Furthermore, the report investigated how employees were dealing with the realities and security challenges of working from home.
Key findings include:
24% of employees believe that clicking on a suspicious link or attachment in an email represents little or no risk
Only 31% of employees believe that allowing family members or friends to use work devices for personal activities outside of work hours is risky or a serious risk
31% believe that using the default password on their home router represents a significant level of risk
55% of employees had continuous cybersecurity and data privacy training throughout the lockdowns
Key sector findings include:
Only 14% and 22% of government and healthcare employees, respectively, are very confident that they can describe to their senior management the negative impacts posed by cybersecurity risks.
Employees in government, healthcare and education have the least understanding about a variety of social engineering threats.
When asked about the extent to which employees understand five types of social engineering threats (phishing, spear phishing, business email compromise, vishing, and smishing), only 15% of employees in the government space responded with an average of “very well,” while employees in the healthcare and education industries fared little better: 16% and 17%, respectively.