Cybersecurity training is missing essential information for business users
New research from Sharp has found that employee mistakes are considered a greater cyber security risk than industry attacks and a lack of security coverage, but this may not be their fault.
According to the report, important topics such as phishing and data loss are not covered in IT training for many SMEs.
Sharp also found that advances in cybersecurity have not kept pace with increasingly popular hybrid work models, leaving another vulnerability to be addressed.
Employees need more IT and security training
Sharp surveyed more than 5,700 European SMB IT buyers about cyber training and found that many training providers do not address virus attacks (25%), phishing (31%), data loss (30%) and password attacks (24%). ).
It found that less than half of the training material covered passwords (46%), downloading files (46%), connecting to a network (45%) and simple procedures such as logging out (44%).
The company also took into account the rise of hybrid working, which has been particularly prevalent over the past three years and remains widespread. Three in five (60%) small and medium businesses have not increased IT security training since going hybrid, where remote working can pose a greater risk, and only two in five (41%) small businesses are addressing hybrid working in their IT training.
Matt Riley, director of security at Sharp UK, said: “IT security is both a human and a technological challenge. Ultimately, our team members are our last line of defense against threats.”
Riley added that companies “also need to create a security culture and robust training that includes all employees, not just the IT team and senior management.”
Going forward, it is clear that companies will need to not only invest more in cybersecurity training, but also address the changing landscape and challenges.