Why Education is Your Best Cybersecurity Defense

  • May 11, 2017

In a recent cybersecurity study, the Pew Research Center developed a brief survey designed to test user familiarity with secure cyber practices and related issues, such as strong passwords, phishing and two-factor authentication. Researchers conducted the poll online, submitting 13 questions to a random sample of adult internet users living in the United States.

Here are the key findings:

  • The typical (median) respondent could answer only five of the 13 questions correctly.
  • Only one in five respondents could answer more than eight questions accurately.
  • Just one percent of the test-takers received a “perfect score” by correctly answering all 13 questions.

There were some nuances to the results: younger users and those with higher levels of education were more likely to score better than the average. But overall, Pew researchers discovered that “many Americans are unclear about some key cybersecurity topics, terms and concepts.”

That is unwelcome news for consumers and companies of all shapes and sizes, as personal and business networks of all types continue to weather an escalating siege of cybercrime. Earlier this year, Symantec Chief Executive Greg Clark told CNBC that as many as four in every 10 North Americans have been victims of some sort of cyberattack in the last 12 months.

And per a recent report by Osterman Research, most prevalent among those attacks are ransomware and phishing – forays focused on human fallibility rather than technological weaknesses. Osterman canvassed IT security executives at large organizations and was told that occurrences of ransomware and phishing are growing several hundred percent each quarter in some companies.

So, if basic knowledge of cybersecurity is low and instances of cyberattacks targeting human frailty are high, how can businesses hope to cope with cyber risk?

According to CompTIA’s new study The Evolution of Security Skills, a multi-faceted approach is the best protection.

“Building an impenetrable defense is no longer practical and the mentality of preventing all breaches is outdated,” Seth Robinson, CompTIA’s senior director, technology analysis, said in a news release. “But a new, proactive approach combining technologies, procedures and education can help find problem areas before attackers discover them.”

Osterman analysts agree with Robinson and place “security awareness training” at the head of a list of best practices that they say also should include deploying detection systems, regularly searching for and fixing network vulnerabilities, maintaining good back-up routines and minding threat reports.

We’ve advocated cybersecurity awareness programs, too, in posts such as “5 Keys to Effective Cyber Security Awareness Training” and “4 Ways to Boost the Engagement (and ROI) of Employee Training Sessions.” We also have urged readers to establish sound back-up practices.

But perhaps our best advice in today’s atmosphere of “cyber-insecurity” has been not to go it alone. As what Symantec’s Clark called a “very big crisis” continues to get bigger, more and more IT Managed Services Providers (MSPs) are specializing in helping businesses deal with cyber threats. See our post “Is Your IT MSP a Cyber Security Guru?” for help finding one that fits your organization.
