Many UK workers don't know what ransomware is
It seems all that talk by security experts how employee education is the best way to protect a business from a cyber-attack has fallen on deaf ears.
A new study by ISACA, based on a poll of 2,000 UK consumers, says that more than half of those haven’t gotten any cyber-security awareness training, at all.
Here is what having no cyber-security training gets you: more than a third (36 percent) of employees not being able to spot a phishing email, 19 percent falling for a phishing scam, and 33 percent choosing a speedy internet over a secure one.
The report, entitled 2016 Cyber Security Perceptions, also highlights the risky behavior UK’s employees have: 16 percent shared their passwords with other people, 14 percent used passwords that were easy to guess just to save time on typing them, 15 percent used other people’s USB sticks and 11 percent avoided two-factor authentication because it wasn’t convenient. More than three quarters (76 percent) don’t know what ransomware is, and 66 percent could not define a data breach.
"It is critically important that we create awareness in cybersecurity and in multiple roles within an organization", said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, chair of ISACA’s board of directors. "The human factor is critical when creating cybersecurity capability, and education based on practical guidance is key to reducing the related business risks".
Despite all these results, 79 percent consider themselves capable of protecting their sensitive data, and 74 percent trust their companies to do the same.
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.