Growing disconnect between cybersecurity preparedness and training

60 per cent of workers have not received training: survey

Growing disconnect between cybersecurity preparedness and training
The most common types of cyber attacks include phishing, spam, viruses and malware, found a survey. Shutterstock

There is a growing disconnect between how prepared Canadian employees feel when it comes to dealing with cybersecurity threats and how much training they receive, according to a survey released by Scalar, a CDW company.

While 75 per cent of Canadians feel they are prepared to handle cybersecurity attacks in the workplace, 60 per cent say they have not received any form of cybersecurity training.

“Ensuring that employees, regardless of job function, feel properly equipped, educated and trained to deal with the unique security challenges that Canadian organizations increasingly face is imperative. Employers have a responsibility to provide resources and instill best practices in employees,” says Theo Van Wyk, chief technology officer at Scalar.

“As the threat landscape continues to evolve, the lines between workplace and personal security risk blurs; training and preparation is key to help employees become better digital citizens.”

Among those who do not receive cyber security training at work, 57 per cent would like to be trained, found the survey of 1,557 workers.

Among the 40 per cent of Canadian employees who receive training, 79 per cent indicate that receiving training has helped them detect and mitigate threats in the workplace, such as phishing, spam, viruses and malware.

“Organizations need to more strategically consider the cadence, type and style of their training methods, in addition to developing metrics and providing avenues for employee feedback,” says Van Wyk.

“Not only will this help reduce cybersecurity and cloud security threats from arising in the workplace, it will also ensure that best practices learned in the workplace become habitual parts of employees’ personal lives.”

Those who have received the training say it is effective (93 per cent), while 79 per cent say it has helped them to mitigate threats in their professional life.

The most common type of cybersecurity training is done through online modules or courses (63 per cent) followed by companywide emails (57 per cent), training videos (41 per cent), meetings, seminars or lunch and learns (32 per cent) or reading materials (32 per cent), found Scalar.

The most common types of cyber attacks are phishing (67 per cent) and spam (60 per cent) followed by viruses (38 per cent), malware (37 per cent), spyware and pharming (both 21 per cent), whaling and ransomware (both 16 per cent), and botnets and hacking (both 13 per cent).


Latest stories