Kenna Security is now part of Cisco

|Learn more
Contact Us
Talk to an Expert
Request a demo

1,200 US Workers Just Proved Cyber Training Alone Won’t Prevent Your Next Breach

May 4, 2021
Monica White
VP of Product Marketing

Share with Your Network

A new survey of 1,200 US workers lays bare the hard fact that cyber training alone will not provide the protection your enterprise needs to prevent the next breach. 

If this notion worries you (and if you want to learn what you can do to fix it), I suggest you read on.

Amid the pandemic, a surge in cyber training

As cyberattacks spiked during the COVID-19 pandemic, businesses stepped up efforts to train both remote and in-office workers to spot phishing attempts and other potential threats. You’d think employees, once armed with skills to detect and help deflect attacks, would form a kind of virtual Maginot Line against bad actors. 

 But according to the results of a survey recently published by TalentLMS, a training solutions provider, that’s wishful thinking. 

TalentLMS queried 1,200 employees about their cyber hygiene habits and familiarity with cybersecurity best practices. They also put respondents through a seven-question test to see how accurately they spotted potential fraudulent emails, dangerous documents, compromised drives, and more. 

The results are sobering. Six out of 10 respondents failed the test, even though 69% of them recently had received cyber training from their employers. 

What’s telling—and frankly worrying—is 74% of respondents who answered all seven test questions incorrectly also said they feel safe from cyberthreats. And 60% of all who failed the test (who couldn’t get four or more questions right) said they feel safe. Bad habits are partially to blame. For instance, 33% of surveyed employees store their passwords in their browsers, which any Security professional knows is an unnecessary risk.

TalentLMS mounted this research, not as an indictment of cyber training; on the contrary, the company’s goal is to reveal the shortcomings of ineffective training and to emphasize that more effective training isn’t difficult to access and implement.  

1,200 reasons to do more

Assuming this survey sampling of 1,200 is generally representative of remote and on-site workers everywhere, then even trained, confident employees pose a significant risk to infrastructures. As we noted in a previous blog, people are fallible, even when you do your best to make them infallible. Which makes increasingly sophisticated social engineering attacks much harder to defend against.

Assuming we accept you can never achieve a state of employee hygiene that could be considered failsafe (though it’s worth fortifying your critical forward line as much as you can), the next question is what’s next? What can you strengthen sufficiently to reduce your risk of a costly breach?

We’d start with your vulnerability management strategy. An effective modern vulnerability management strategy reduces your attack surface by patching the vulnerabilities that pose the highest risk to your unique environment. And when you fix the vulnerabilities that matter most, you’ll provide an important stopgap against that leaky employee perimeter.

But don’t think just any vulnerability management solution will be good enough to stop an exploit before it can do damage. Our research has found organizations that rely on CVSS scores or scanner fix lists spend 80% of their time patching low-risk vulnerabilities. This leaves organizations squandering IT and AppDev resources to patch vulnerabilities that earn headlines but actually don’t warrant your time and energy, simply because they just don’t pose a risk to you.

Fortunately, better and more effective approaches are available today. They use state-of-the-art capabilities like threat data analysis and data science techniques like machine learning and predictive algorithms. The best of them can predict the weaponization of new vulnerabilities with 94% accuracy. So much for wasting eight out of every 10 hours fixing vulns that don’t need fixing.

I can think of 1,200 reasons to make your vulnerability management strategy as effective and time-efficient as you can. Still, wondering if you need to take action? Ask your colleagues in IT and AppDev how they’d rather be spending their time.

Find out how easy it is to fix only what matters. 

 

 

 

Share with Your Network

Read the Latest Content

Customer

How Security and IT Can Leverage the Secrets to CX Success

The customer feedback loop is an opportunity to take new ideas that we can take back to our PM and UX teams to make our solutions even better.
READ MORE
Threat Intelligence

18+ Threat Intel Feeds Power Modern Vulnerability Management

You need lots of feeds to cover all of the threat and vulnerability data categories and 4 or 5 feeds doesn't provide good coverage or breadth.
READ MORE
Cybersecurity Best Practices

Your Employees Are Your Biggest Cyber Threat. Here’s How to Neutralize It.

Cyber training is necessary to help combat threats, but new research shows common approaches to training may not be as effective.
READ MORE
Sign up to get the latest updates
FacebookLinkedInTwitterYouTube

© 2021 Kenna Security. All Rights Reserved. Privacy Policy.