A shocking number of workers still haven't received any security training
Many don't follow security advice, even when they get it
Despite being the first line of defense against cyber-attacks, many employees claim they have never received any form of cybersecurity training from their employers.
A report from KnowBe4 based on a poll of 2,000 workers says almost a fifth (18%) have never received any form of cybersecurity training from their companies.
Furthermore, 51% have not received any training on how to avoid phishing scams - arguably the most widespread cybercriminal activity in the world. Finally, almost half (48%) have never been taught how to create strong passwords.
Shared responsibility
Other cybersecurity practices that employees are yet to receive training on include:
Remote working best practices (60%)
What to do if your credentials have been breached (66%)
Social engineering (82%)
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Deepfakes and AI (83%)
Bring your own device (84%)
While hardware and software vulnerabilities, zero-day and otherwise, are a great risk to organizations, most cyberattacks still start with a human error. Sometimes it’s an unprotected database, sometimes it’s a person inadvertently clicking on a link in a phishing email, or downloading malware in an attachment, and sometimes it’s a weak password that hackers can easily break through with credential stuffing and brute-force attacks.
“The technology landscape is changing all the time, therefore, not including training on new areas such as deepfakes and AI, could be putting UK organizations at further risk of cybercrime,” said Javvad Malik, lead security awareness advocate at KnowBe4.
When a company does provide advice, almost three-quarters of workers say they do follow it - however 29% admitted they simply forgot about them. Additionally, 22% find cybersecurity advice too complicated to follow, and 14% believe cybersecurity is not their responsibility.
More from TechRadar Pro
- Docker instances targeted in major cryptojacking scam
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.