Rapport is better between employees and IT security, according to a survey for a firm that offers info-security awareness training. In fact, the vast majority (87pc) of respondents admit to feeling very or somewhat comfortable reporting a security issue, violation or mistake with their security team.
A majority, 69pc of respondents found their security team to be very or somewhat helpful in resolving issues, and 76pc shared that they are very or somewhat easy to reach out to for questions and/or information. In cases where an individual or their colleague had clicked on a phishing link, a quarter were encouraged to learn from their mistakes via security awareness training.
This outlook appears to extend towards high rates of security awareness as well. A general view of the results indicate high confidence among the public in spotting most online scams. Indeed, 83pc of respondents claim to be very confident or quite confident in identifying email phishing, followed by 81pc for text phishing, and 79pc for both call as well as social media phishing. Yet, while some assert that they have never fallen for any type of scam – just under half of global respondents (48pc), or almost two thirds (62pc) among the British population, a good portion appear to be suffering from over-confidence as they continue to fall victim to cybercrime, it’s suggested.
Javvad Malik, lead security awareness advocate at KnowBe4, said: “For years, security teams were often painted in a negative light by fellow colleagues, viewed as an obstacle to efficiency, the strict enforcers of rules, or at the very least, elusive. Yet, our survey suggests a shift in perception. It seems security teams are becoming a trusted and dependable resource for employees, and this could not have come at a better time as cybercrime rates rise to an all-time high. It is promising to see a high level of security awareness among the public as well. Nevertheless, this should not be misinterpreted as a sign to fall complacent. As with all things, maintaining a strong security culture and awareness takes work and consistency.”
The recent survey was by Censuswide on behalf of KnowBe4, a provider of security awareness training and simulated phishing platform, covering 6,000 employees across six countries: the United States, United Kingdom, Germany, Netherlands, Norway and South Africa. Among the findings:
– 13pc of respondents report a security incident to their IT security team up to once a week on average, and a fifth (20pc) report an incident up to once a month on average.
– No further action was taken by security teams in 18pc of cases where a phishing link was clicked, while 14pc were reprimanded for their mistakes. Moreover, 11pc received disciplinary action or faced HR involvement as a result.
– 37pc of those who were not comfortable reporting an issue, violation or mistake to their security team, cited the process of reporting an incident as being too difficult. A third (33pc) claimed to be scared to report an issue and nearly one in 4 respondents did not know how to report an incident.
– 23pc of Security Awareness Training programs have incorporated the threat of deep fake videos.
Stu Sjouwerman, CEO, KnowBe4 added: “One of the major takeaways of this research is that culture is a critical factor in building your human defence layer. Part of developing a strong security culture is to understand that users across different countries or regions will have different attitudes and behaviours regarding security. That is why it is critical that security awareness training be localised for each region, not simply translated. A successful security awareness program is one that is sensitive and tailored for users from different backgrounds, cultures and languages. This piece of research is just one of many initiatives that KnowBe4 plans for the future to help emphasise the importance and methodology for improving security behaviour and building a strong security culture within your organisation for the long term.”
For the report: https://www.knowbe4.com/hubfs/Security-Habits-2021.pdf
