41% of the UK workforce returning from furlough have never been offered a security awareness training course, research has found.
A recent survey conducted by Censuswide on behalf of KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, finds that the UK workforce is ill-prepared to face today’s expanding cybersecurity threat landscape.
It’s been a tough year for many organisations. Having to move most, if not all staff to remote working in short order, furloughing some staff, and even cutting back on security controls. However, criminal activities have spiked during COVID-19 and more organisations and individuals have been attacked during this time.
So, it’s important that organisations not only implement the right security controls to accommodate a flexible workforce, but also provide the right training to its staff.
Of a thousand recently furloughed employees, 41% admitted that their company had never offered them a security awareness training course, while 14% have gone as far as to say that their employer has not taken cybersecurity seriously enough.
While a quarter (25%) of organisations did implement added security measures such as multifactor authentication in the last six months, much still remains to be done; particularly, when it comes to reinforcing the human firewall.
Of those who did receive training, 29% of respondents conceded that it had been at least six months or more since the last training course. This is concerning seeing as 42% of respondents chose to sort through their emails quickly upon return to work in an effort to get back to business as usual; therefore, increasing the likelihood of an individual falling victim to a phishing attack.
In fact, a quarter (25%) of respondents have received a phishing email in the last six months relating to Covid-19 or furlough, alone. Within that same period, 12% acknowledged that they are aware of a security incident that has taken place in their organisation.
As people have shifted to more remote working environments, Knowbe4 has seen an increase in phishing emails disguised as meeting invites.
Recently, a hedge fund in Australia was forced to close after one of its execs clicked on a link in what appeared to be a Zoom meeting. As a result, criminals gained access to the executive’s email account and were able to siphon off millions. And while much of the money was recovered, the reputation was damaged to the point where major clients pulled out their money, forcing the fund to close.
Moreover, on average, respondents have received unexpected meeting notifications twice a week.
“Since the mass shift to remote working earlier this year, we have seen an undeniable amplification in cyberattacks. Although security measures are a fundamental aspect to safeguarding organisations from such malicious activity, the fact is that cyber attackers will be targeting your Achilles heel. That is, the people,” said Javvad Malik, security awareness advocate at KnowBe4.
“This is especially true as cybercriminals innovate and adopt new methods such as employing phishing links disguised in meeting invites. As we saw recently with the collapse the Australian hedge fund, Levitas Capital, the consequences can be devastating.”
This news comes after a study by Atlas VPN found that the global cybersecurity workforce gap was at 3.12 million in 2020, as stated in the Intelligence and Security Committee (ISC) 2020 Global Workforce Study.
The research found that the number of vacancies in internet security varies widely by region. However, in the Asia-Pacific area it was found that they had an a gap of 2.04 million cybersecurity positions, the highest globally compared to the combined amount of the other regions, which only totalled to 1.071M.
For more Technology news follow i-invest Online.