Connect with us

Hi, what are you looking for?

HEADLINES

Employees ‘confidently’ make 90% of all security awareness mistakes

To help businesses improve their staff cybersecurity skills, in the beginning of April 2020 Kaspersky and Area9 Lyceum released an adaptive learning course for those transitioning to at-home working, covering the basics of secure remote operations.

Free security awareness training on remote working from Kaspersky and Area9 Lyceum has seen participants enact correct responses 66% of the time. However, even when learners were wrong, they mostly remained confident in their competences. The most difficult learning objectives proved to be virtual machines, updates, and reasons why people should use corporate IT resources even while working outside the office. 

This spring, due to the coronavirus pandemic, many companies switched to remote working. This change affected corporate security via a growing number of web-based attacks, coronavirus-related phishing, as well as the increased use of shadow IT. To help businesses improve their staff cybersecurity skills, in the beginning of April 2020 Kaspersky and Area9 Lyceum released an adaptive learning course for those transitioning to at-home working, covering the basics of secure remote operations.

Analysis of anonymized learning results revealed that remote staff tend to overestimate the level of their knowledge of cybersecurity basics. In 90% of cases when learners selected a wrong answer, they evaluated their feelings toward the given response as “I know it” or “I think I know it”. This was revealed through an adaptive learning methodology, which asked learners to assess their levels of confidence in responses, as well as answer the test questions. 

The study also identified the most difficult learning objectives – the hardest being reasons why to use virtual machines. As many as 60% of the given answers were wrong on this matter, with 90% of respondents falling into the “unconscious incompetence” category. This means that mistaken learners were still sure that they had selected the right answer or option. 

Advertisement. Scroll to continue reading.

More than half of responses (52%) to questions about reasons why employees should use corporate IT resources (such as mail and messaging services or cloud storage) when working from home was incorrect. In 88% of cases, remote employees thought that they could explain this correctly. Almost the same proportion of mistakes (50%) was made when answering a question about how to install software updates. In this case, a staggering majority of 92% of those who had provided wrong answers, believed they had that required skill. 

“If employees see no danger in risky actions, let’s say, in storing sensitive documents in personal storage, they are unlikely to seek advice from IT or IT Security departments. From this perspective, it’s hard to change such behavior, because a person has an established habit and may not recognize the associated risks. As a result, ‘unconscious incompetence’ is one of the most difficult issues to identify and solve with security awareness training,” comments Denis Barinov, Head of the Kaspersky Academy. 

To learn more about how the adaptive learning approach can be applied to make employees behave more securely, please visit the official Kaspersky Adaptive Online Training web page.

You May Also Like

White Papers

The study tested 2,000 UK and US consumers, exposing them to a series of real and deepfake content. The results are alarming: only 0.1%...

HEADLINES

Deepfakes pose significant threats and risks, with nearly half of companies worldwide reporting incidents in 2024, according to industry reports. HONOR’s innovative solution immediately...

HEADLINES

The Philippines’ global ranking for local threats rose from 76th to 66th, highlighting the need for stronger cybersecurity measures.

HEADLINES

Despite 65% having adopted generative artificial intelligence (GenAI capabilities), 89% of IT leaders are concerned that flaws in GenAI cybersecurity tools could put their...

APPS

PSBank is reinforcing its commitment to security through key enhancements to its PSBank Mobile app.

White Papers

Hyper-personalized attacks and agent AI subversion will require industry-wide effort to root out and address. Business leaders should remember that there’s no such thing...

HEADLINES

GCash, a financial super app and cashless ecosystem, reaffirmed its commitment to trust, security, and collaboration with customers, stakeholders, and law enforcement to ensure...

HEADLINES

Senator Mark Villar recently filed a resolution seeking a senate inquiry on the trade of International Mobile Subscriber Identity (IMSI) catchers, which allow fraudsters...

Advertisement