This is another article that shows the importance of security awareness training. In particular I thought the following findings were interesting:
- Employee awareness of cyber security risks lowest in government and healthcare
- COVID-19 disrupted employee cybersecurity training
- Cybersecurity training has a positive impact on employee awareness
It’s always sobering to hear statistics about the present state of employee awareness. In particular, it was very concerning to see that healthcare and government sectors had the lowest awareness of cyber risks. This was surprising given the regulations that face both sectors.
Author: Alicia Hope
Published: October 25, 2021
Link
Hi Matt,
Thanks for posting this article. It really is very concerning that employee awareness was lowest in government and healthcare. These two sectors are two of the most important for cybersecurity, as the hold the most sensitive information on individuals. One would think/hope that these would be two of the most secure for cyber security risks. It starts with employee training and it is apparent that there needs to be increased measures for employee awareness training in both government and healthcare.
The reality is that awareness is always lacking. I’m not sure if it’s because people don’t really comprehend the impact that it will have on their lives or if people just don’t care. If it wasn’t for COVID, we wouldn’t have so much “awareness”. As the workforce transitions to unprecedented online times, they are becoming more and more vulnerable. And until you get hacked or impacted, most won’t think to take action. Most have the mentality of “It won’t happen to me”. Awareness should be bottom up not top down. It should start with the individual.
Great points. I struggle with how to best communicate this to users. I’ve had some success with folks that fell victim to a compromise being advocates for others to take cybersecurity seriously. That said, it’s such an abstract concept for most folks that they can’t fathom it happening to them.