
1,200 US Workers Just Proved Cyber Training Alone Won’t Prevent Your Next Breach

May 4, 2021
Monica White
VP of Product Marketing


A new survey of 1,200 US workers lays bare the hard fact that cyber training alone will not provide the protection your enterprise needs to prevent the next breach. 

If this notion worries you (and if you want to learn what you can do to fix it), I suggest you read on.

Amid the pandemic, a surge in cyber training

As cyberattacks spiked during the COVID-19 pandemic, businesses stepped up efforts to train both remote and in-office workers to spot phishing attempts and other potential threats. You’d think employees, once armed with skills to detect and help deflect attacks, would form a kind of virtual Maginot Line against bad actors. 

But according to the results of a survey recently published by TalentLMS, a training solutions provider, that’s wishful thinking.

TalentLMS queried 1,200 employees about their cyber hygiene habits and familiarity with cybersecurity best practices. They also put respondents through a seven-question test to see how accurately they spotted potential fraudulent emails, dangerous documents, compromised drives, and more. 

The results are sobering. Six out of 10 respondents failed the test, even though 69% of them had recently received cyber training from their employers.

What’s telling, and frankly worrying, is that 74% of respondents who answered all seven test questions incorrectly also said they feel safe from cyberthreats. And 60% of all who failed the test (who couldn’t get four or more questions right) said they feel safe. Bad habits are partially to blame. For instance, 33% of surveyed employees store their passwords in their browsers, which any security professional knows is an unnecessary risk.

TalentLMS mounted this research not as an indictment of cyber training; on the contrary, the company’s goal is to reveal the shortcomings of ineffective training and to emphasize that more effective training isn’t difficult to access and implement.

1,200 reasons to do more

Assuming this survey sample of 1,200 is generally representative of remote and on-site workers everywhere, even trained, confident employees pose a significant risk to infrastructures. As we noted in a previous blog, people are fallible, even when you do your best to make them infallible, which makes increasingly sophisticated social engineering attacks much harder to defend against.

Assuming we accept you can never achieve a state of employee hygiene that could be considered failsafe (though it’s worth fortifying your critical forward line as much as you can), the next question is: what’s next? What can you strengthen sufficiently to reduce your risk of a costly breach?

We’d start with your vulnerability management strategy. An effective modern vulnerability management strategy reduces your attack surface by patching the vulnerabilities that pose the highest risk to your unique environment. And when you fix the vulnerabilities that matter most, you’ll provide an important stopgap against that leaky employee perimeter.

But don’t think just any vulnerability management solution will be good enough to stop an exploit before it can do damage. Our research has found organizations that rely on CVSS scores or scanner fix lists spend 80% of their time patching low-risk vulnerabilities. This leaves organizations squandering IT and AppDev resources to patch vulnerabilities that earn headlines but actually don’t warrant your time and energy, simply because they just don’t pose a risk to you.

Fortunately, better and more effective approaches are available today. They use state-of-the-art capabilities like threat data analysis and data science techniques like machine learning and predictive algorithms. The best of them can predict the weaponization of new vulnerabilities with 94% accuracy. So much for wasting eight out of every 10 hours fixing vulns that don’t need fixing.

I can think of 1,200 reasons to make your vulnerability management strategy as effective and time-efficient as you can. Still wondering if you need to take action? Ask your colleagues in IT and AppDev how they’d rather be spending their time.

Find out how easy it is to fix only what matters. 





© 2021 Kenna Security. All Rights Reserved. Privacy Policy.