Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

12/6/2018
11:30 AM
50%
50%

55% of Companies Don't Offer Mandatory Security Awareness Training

Even those that provide employee training do so sparingly, a new study finds.

Although most cyberattacks begin by compromising an end user, often via phishing messages, most organizations are not training their end users to recognize those attacks. A new survey found that just 45% of organizations provide employees mandatory, formal cybersecurity training; another 10% give optional training.

According to Mimecast, even those organizations that require formal security training only do so sparingly: Six percent conduct sessions monthly, 4% quarterly, and 9% only when onboarding a new employee. Emailed or printed lists of security tips are the most common format of education (33%). 

In addition, nearly one in four employees are not aware of common cyberthreats, such as phishing and ransomware, the study says. Sixty-nine perfect are using corporate devices for nonwork reasons (including news, personal email, social media); however, one in 10 employees are using business devices for personal use more than four hours per day. 

Organizations with security-unsavvy users are at particular risk during the holiday shopping season, as both attack activity and personal use of business devices increase. 

Read more details here

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Security of Cloud Applications
Hillel Solow, CTO and Co-founder, Protego,  7/11/2019
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "SpearPhish! Everyone out of the office!"
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10100
PUBLISHED: 2019-07-17
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab.
CVE-2019-12175
PUBLISHED: 2019-07-17
In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled.
CVE-2019-12475
PUBLISHED: 2019-07-17
In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation.
CVE-2019-13346
PUBLISHED: 2019-07-17
In MyT 1.5.1, the User[username] parameter has XSS.
CVE-2019-13403
PUBLISHED: 2019-07-17
Temenos CWX version 8.9 has an Broken Access Control vulnerability in the module /CWX/Employee/EmployeeEdit2.aspx, leading to the viewing of user information.