Employees know little about cyber-security, and learn even less

It seems all that talk by security experts how employee education is the best way to protect a business from a cyber-attack has fallen on deaf ears.

A new study by ISACA, based on a poll of 2,000 UK consumers, says that more than half of those haven't gotten any cyber-security awareness training, at all.

Here is what having no cyber-security training gets you: more than a third (36 per cent) of employees not being able to spot a phishing email; 19 per cent falling for a phishing scam; 33 per cent choosing a speedy internet over a secure one.

The report, entitled 2016 Cyber Security Perceptions, also highlights the risky behaviour UK's employees have: 16 per cent shared their passwords with other people, 14 per cent used passwords that were easy to guess just to save time on typing them, 15 per cent used other people's USB sticks and 11 per cent avoided two-factor authentication because it wasn't convenient.

More than three quarters (76 per cent) don’t know what ransomware is, and 66 per cent could not define a data breach.

“It is critically important that we create awareness in cybersecurity and in multiple roles within an organisation,” said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, chair of ISACA’s board of directors. “The human factor is critical when creating cybersecurity capability, and education based on practical guidance is key to reducing the related business risks.”

Despite all these results, 79 per cent consider themselves capable of protecting their sensitive data, and 74 per cent trust their companies to do the same.

Image Credit: wk1003mike / Shutterstock