Eye-opening data around the impact of human error demonstrates how simple user mistakes can compromise your organization’s cybersecurity posture.
It’s something we all know – employees who aren’t paying attention to corporate security aren’t helping. But a new report from email security vendor Tessian quantifies this notion with some pretty surprising data. Its Psychology of Human Error report presents a number of findings that show how insecure users can make your environment. According to the report:
- 43% of employees have made mistakes that compromised cybersecurity
- 25% of users have clicked a phishing email at work
- 45% of those clicking on phishing emails said they were distracted
- 43% of those clicking on phishing emails said it looked legitimate
Part of the problem is the reliance upon security solutions to provide users with a protective layer against email-based cyberattacks. According to the report, only 23% of employees have a mindset where they are continually concerned with cybersecurity.
In addition, nearly half of British university staff say they have received no cybersecurity training, according to another recent survey.
Most worryingly, 8 per cent of the 86 universities that answered pentesting biz Redscan’s Freedom of Information questions said they had reported five or more breaches to the Information Commissioner’s Office over the past 12 months.
The concerning results continued when further education institutions were asked to disclose how much security training their staff received. 46 per cent of staff received no training at all, while one Russell Group uni said that just 12 per cent of its staff had received “any” training in infosec matters.
Making up for the lack of widespread security training was the level of dedicated infosec staff employed by universities, which stood at a grand averaged total of three qualified people. Those three people were at least supported by the 51 per cent of universities that said they did provide some cybersecurity training to their students.
The news comes as universities continue mopping up from the Blackbaud supply chain attack, where a provider of cloud-based CRM systems used for alumni relations and fundraising suffered a ransomware attack. Blackbaud then paid off the criminals, notifying customers two months later.
Organizations need to take a more human approach to maintaining a security stance by incorporating users into the strategy. With Security Awareness Training, employees are taught to be constantly mindful of cyberattacks and the social engineering tactics used, and to avoid falling victim to these well-crafted attacks.
With thanks to the Cyber Defence Alliance, KnowBe4 and the Register. The full university story is here: https://www.theregister.com/2020/07/29/half_uk_uni_staff_no_infosec_training/