#CyberHeadlines: Cybersercurity Training Deemed Insufficient
Report finds Training insufficient for defending against Insider Threats
A recent report by Experian and the Poneman Institute shows that prescribed cybersecurity training is being deemed insufficient in combatting insider threats. Aside from companies failing to put incentives and other programs in place, the training itself is neglecting to cover key threats to employees targeted in attacks. Surveying over 600 IT professionals and high-level staff in various US organizations found that over half had experienced security breaches due to internal behavior and negligence. Many of the companies surveyed did not require contract and part time workers, nor offer follow-on training to employees, but much of the issue comes with the training itself. Apparently over half of companies say their training measures were wholly ineffective. More than half of these programs do not include teaching how to avoid and combat against contracting malware from an insecure website or mobile device, violating access rights, accessing company apps from public wi-fi or being targeted in a phishing attack. On top of this, most companies don’t judge effectiveness by behavior, rather they just simply expect employees to finish the course and move on with their work.
This report was especially interesting to us, at CyberTraining 365, because we just launched a Data Security and Privacy Compliance course for non-technical employees which covers all of these topics along with guidance about making cybersecurity company policies. Check it out at datasecurity365.com.