According to research, very few companies provide cybersecurity training. The research was conducted especially on private sector companies operating in the UK. The results revealed that most companies did not provide the necessary training to their employees during the remote working period.
In the cybersecurity report, nearly 1200 people, including senior managers, general managers, directors, and employees, were observed. As a result of the investigations, almost 30 percent of the companies do not provide any cybersecurity training to their employees, and half of the remaining companies only gave training to a select few employees.
Almost all of the companies that provide cybersecurity training to their employees carry out this training only in the form of information. Few companies provide regular and planned training to their employees. That is, companies that provide their employees with the necessary training make up less than 10 percent of the companies surveyed.
In this period when phishing attacks and cyber threats increase, these results are very worrying. Employees participating in the research also confirm this and state that they were victims of many attacks during the remote working period due to lack of education.
As a result of this lack of education and unconsciousness, hackers have sent countless phishing emails against remote users during the pandemic. These phishing attacks were usually coronavirus and pandemic themed. Hackers also frequently targeted companies’ networks, vulnerabilities in VPN systems, and remote working protocols. Accordingly, the number of attacks using remote desktop connections increased from 3 million to almost 5 million.
Why Few Companies Provide Cybersecurity Training?
According to experts, most companies do not provide cybersecurity training. That’s because cybersecurity awareness and phishing still do not have a priority in company policies. Many companies are still unaware of the seriousness of phishing attacks. But no company that continues this way seems to be able to survive. Therefore, companies need to thoroughly examine cyber threats and reorganize their policies with awareness. Only in this way, companies can take the necessary measures to protect IT systems, employees, and the company.
Especially the remote working period poses a serious threat to companies. Because the threats awaiting employees increase while working remotely, and in addition, the mechanisms to protect them lose their effect.
Few Companies Provide Cybersecurity Training: What Can Be Done?
1. Companies should include phishing simulations in their cybersecurity awareness programs.
Cybersecurity awareness training is effective as long as it is given interactively and regularly. One of the most successful ways to make sure that training is effective is to test your employees with phishing simulations. Our brilliant phishing simulation module allows you to monitor and analyze human activities in your organization safely and intelligently by testing your staff with sudden phishing attacks, monitoring their behaviors, and providing information to you. Check out our Phishing Simulation tool for more information.
2. Companies should plan their cybersecurity awareness programs according to employees’ needs.
Most of the cybersecurity awareness training fails because it doesn’t answer employee needs or it doesn’t take sector-specific threats into account. Our Cybersecurity Awareness Training tools allow you to design your training program accordingly to your companies’ needs. You can deliver your training to individuals, small groups, departments, or the entire organization and track the results. We have a range of training content including immersive serious games and apps to deliver educational content in an interactive manner. Check out our Cybersecurity Awareness Training tool for more information.
“This post is originally published at www.phishing.org.uk”
Teknoloji Haberleri