Lack of cybersecurity knowledge impacts organizations: study

Added by on October 26, 2015

Downers Grove, Ill, USA. — Nearly one in five people who found a random USB stick in a public setting proceeded to use the drive in ways that posed cybersecurity risks to their personal devices and information and potentially, that of their employer, a recent experiment conducted on behalf of CompTIA, the IT industry association, revealed.

With the cybersecurity threat landscape facing companies growing increasingly complex, employees who practice unsafe cybersecurity habits put both themselves and their employer at risk.

“We can’t expect employees to act securely without providing them with the knowledge and resources to do so,” said Todd Thibodeaux, president and CEO, CompTIA. “Employees are the first line of defense, so it’s imperative that organizations make it a priority to train all employees on cybersecurity best practices.”

Yet according to a CompTIA-commissioned survey of 1,200 full-time workers across the U.S., 45 percent say they do not receive any form of cybersecurity training at work. Among companies that do administer cybersecurity training, 15 percent still rely on paper-based training manuals.

The survey and corresponding whitepaper, Cyber Secure: A Look at Employee Cybersecurity Habits in the Workplace, examines technology use, security habits and level of cybersecurity awareness of workers.

Along with the survey, CompTIA commissioned a social experiment to observe first-hand cybersecurity habits.

In the experiment, 200 unbranded USB flash drives were left in high-traffic, public locations in Chicago, Cleveland, San Francisco and Washington, D.C. In about one in five instances, the flash drives were picked up and plugged into a device. Users then proceeded to engage in several potentially risky behaviors: opening text files, clicking on unfamiliar web links or sending messages to a listed email address.

“These actions may seem innocuous, but each has the potential to open the door to the very real threat of becoming the victim of a hacker or a cybercriminal,” Thibodeaux noted.

Contributing to the potential cyber threat, the survey found 94 percent of full-time employees regularly connect their laptop or mobile devices to public Wi-Fi networks; and of those, 69 percent handle work-related data while doing so.

The Computing Technology Industry Association (CompTIA) is a non-profit trade association serving as the voice of the information technology industry.