Most UK Staff Can’t Remember Being Given Cyber-Training

[Exterminator]

Over half (55%) of UK workers can’t remember having been given cybersecurity training by their employer, highlighting a missed opportunity as the cost of breaches continues to rise, according to Accenture.

The global consulting firm polled over 2000 adults in the UK to find that most are unsure how to deal with cyber-threats, exposing themselves and their organization to unnecessary risk.

Online attackers are increasingly looking to exploit this lack of basic awareness to steal sensitive information, hold systems ransom and trick employees into transferring corporate funds to third-party bank accounts.

A Trend Micro mid-year report recently revealed that the firm blocked 82 million ransomware threats in the first six months of 2017, as well as 3000 Business Email Compromise attempts.

Phishing – which typically takes advantage of users’ lack of cyber-savvy – is an increasingly popular tactic to spread malware and harvest log-ins to infiltrate the corporate network.

Verizon claimed earlier this year that it was present in a fifth (21%) of cyber-attacks in 2016, up from just 8% the previous year.

Accenture said that even basic training could have a huge impact on organizations’ cyber-resilience.

Some 70% of those who had received training told the firm it improved their ability to recognize and respond to cyber-threats, while 23% thought training was the most effective protection against phishing and scams; way more than the police improving efforts to hunt hackers (4%).

Even worse, nearly half (46%) of respondents said they either can’t recall ever updating security software on their work machine or haven’t been prompted to do so.

The stats will be concerning to IT and business leaders given that the cost of cybercrime continues to rise. A report from Accenture yesterday revealed that in the UK the figure now stands at $8.7m (£6.4m) per year.

“An organization’s security is only as strong as its weakest link, which in many cases could be its own workforce. That’s why it’s important employees have the tools they need in place to recognize and escalate threats through training and awareness programs,” Accenture Security MD, Rick Hemsley, told Infosecurity Magazine.

“Businesses can also strengthen their case against hackers by ensuring a ‘no blame’ culture exists within the workplace.”

Kirill Kasavchenko, EMEA principal security technologist at Arbor Networks, argued that regular and effective employee training will become essential with the GDPR set to land in May 2018.

“Every employee should be educated in best practice procedures, starting with basics like clever password combinations and then going into details of how different attacks work, emphasizing ways to recognize social engineering tactics,” he added.

“Businesses must also demonstrate the potential impact of a breach occurring, which can help establish personal responsibility. Crucially, businesses shouldn’t just focus on prevention. Employees also need to understand best practice in minimizing the damage should a breach occurs.”