Employees unsure who to go to to report security incident
Without training, 21% of the untrained global workforce did not know who to go to when faced with a threat, according to a newly released report from KnowBe4.
KnowBe4 is the provider of a global security awareness training and simulated phishing platform.
According to the company, the minutes that lapse between an employee seeing a potential security threat and the right person in an organisation receiving the information can make the difference between warding off or leaving the door open to an intrusion.
"This makes ensuring employees know when to report a threat, and who to report to, a vital security step for organisations of all sizes," it says.
In the study, annual security training reduced that percentage to 17%. But it is repetition that creates the most significant change – overall improvement on knowing who to go to doubled in those who completed monthly versus annual training, the report shows.
The report includes an assessment of training frequencies across industries, with education, technology and healthcare and pharmaceuticals coming in lowest on monthly training, meanwhile, hospitality and transportation are leading at 28 and 20% respectively.
Across industries, the report shows that increasing the frequency at which employees complete security awareness training has an almost universal positive influence. Without the benefits obtained by frequent training, employees are left to decipher security instructions on their own, lacking proper guidance and ultimately putting the organisation at higher risk for mishandling a security incident.
"Monthly training brings about an improved understanding of the terminology and knowledge about why the procedures are in place, as well as the correct channels for communication of threats," says Stu Sjouwerman, chief executive officer at KnowBe4.
"As the data demonstrates, ensuring that this vital information is communicated regularly is a necessary step in securing an organisation of any size and contributes to creating a stronger security culture," he says.
KnowBe4's security awareness training and simulated phishing platform is used by more than 52,000 organisations around the globe.
Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organisations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security.
Kevin Mitnick, an internationally recognised cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics.
Tens of thousands of organisations rely on KnowBe4 to mobilise their end users as their last line of defense.