A majority of UK businesses are failing to adequately train their remote working employees to spot security threats, according to new research from iomart.
The cloud services company based its Cyber Security Insights Report on the views of 1167 UK workers at C-level, director, manager and employee level. It found that over a quarter (28%) of their employers offer no cybersecurity training for the distributed workforce, while a further 42% do but only to select employees.
Of those who were offered training, 82% claimed that it was a short briefing rather than something more comprehensive. Less than a fifth (17%) said they had regular training sessions.
That means, overall, just 8% of those surveyed receive regular security training.
This comes at a time when threats are on the rise. A fifth (20%) of those surveyed reported seeing an increase in cyber-attacks as a result of working remotely.
Cyber-criminals have been targeting remote workers with phishing emails often themed with COVID-19 lures, as well as vulnerabilities in VPN infrastructure and insecure RDP endpoints that can be easily brute-forced or their credentials bought off the dark web.
The number of RDP ports exposed to the internet grew from three million to 4.5 million in the period from January to March 2020, according to McAfee research released in May. Bill Strain, security director at iomart, warned that organizations still aren’t placing security and data protection at the top of their priority list.
“They need to understand what the potential threats are and build resilience into their business strategy so they can react quickly and maintain operations if their IT systems are compromised,” he urged.
“Many businesses would not survive the operational — let alone financial — impact of a data breach. By understanding the potential risk and introducing positive behavior around cyber awareness, they have a much better chance of surviving an incident.”
Remote workers are thought of as a potential cyber risk as many may be more distracted at home and likely to click through on phishing emails, whilst their devices may not be as well protected as corporate equivalents.
This is a cross-post with grateful acknowlegment to InfoSec Magazine. Full story here:
https://www.infosecurity-magazine.com/news/just-8-of-firms-offer-regular/
