“Nothing in the world is more dangerous than sincere ignorance,” said Martin Luther King Jr.
The switch to remote working. This change affected corporate security via a growing number of web-based attacks, coronavirus-related phishing, as well as the increased use of shadow IT. To help businesses improve their staff cybersecurity skills, in the beginning of April 2020 Kaspersky and Area9 Lyceum launched an adaptive learning course for those transitioning to at-home working, covering the basics of secure remote operations.
Troubling revelations don’t bode well for secure enterprise
The data revealed that remote staff tend to overestimate the level of their knowledge of cybersecurity basics. In 90% of cases when learners selected a wrong answer, they evaluated their feelings toward the given response as “I know it” or “I think I know it”.
The study also identified the most difficult learning objectives – the hardest being reasons why to use virtual machines.
Up to 60% of the given answers were wrong on this matter, with 90% of respondents falling into the ‘unconscious incompetence’ category. This means that mistaken learners were still sure that they had selected the right answer or option.
52% of responses to questions about reasons why employees should use corporate IT resources (such as mail and messaging services or cloud storage) when working from home was incorrect.
In 88% of cases, remote employees thought that they could explain this correctly.
Half of mistakes was made when answering a question about how to install software updates.
92% of those who had provided wrong answers, believed they had that required skill.
“If employees see no danger in risky actions, let’s say, in storing sensitive documents in personal storage, they are unlikely to seek advice from IT or IT Security departments. From this perspective, it’s hard to change such behaviour, because a person has an established habit and may not recognize the associated risks. As a result, ‘unconscious incompetence’ is one of the most difficult issues to identify and solve with security awareness training,” comments Denis Barinov, head of the Kaspersky Academy.