New research from Kaspersky, along with Area9, has
found that 90% of respondents who have participated in Kaspersky's
Adaptive Online Training course and selected a wrong answer have
confidently evaluated their feelings toward the given response as "I
know it" or "I think I know it." This was revealed through an adaptive
learning methodology, which asked learners to assess their levels of
confidence in responses, as well as answer the test questions.
As
a result of the COVID-10 pandemic, many companies have switched to
remote working. This change has affected corporate security via a
growing number of web-based attacks and coronavirus-related phishing, as well as the increased use of shadow IT.
To help businesses improve their staff's cybersecurity skills,
Kaspersky and Area9 released an adaptive learning course for those
transitioning to at-home working, covering the basics of secure remote
operations.
Further
analysis from this study also identified the most difficult learning
objectives, concluding the most challenging lesion was why to use
virtual machines. As many as 60% of the given answers were wrong on this
matter, with 90% of respondents falling into the ‘unconscious
incompetence' category. This means that mistaken learners were still
sure that they had selected the right answer or option.
More
than half of responses (52%) to questions about reasons why employees
should use corporate IT resources (such as mail and messaging services
or cloud storage) when working from home was incorrect. In 88% of cases,
remote employees thought that they could explain this correctly. Almost
the same proportion of mistakes (50%) was made when answering a
question about how to install software updates. In this case, a
staggering majority of 92% of those who had provided wrong answers,
believed they had that required skill.
"If
employees see no danger in risky actions, let's say, in storing
sensitive documents in personal storage, they are unlikely to seek
advice from IT or IT Security departments," said Denis Barinov, Head of
the Kaspersky Academy. "From this perspective, it's hard to change such
behavior, because a person has an established habit and may not
recognize the associated risks. As a result, ‘unconscious incompetence'
is one of the most difficult issues to identify and solve with security
awareness training."
These
survey findings bring to light the human factor in cyber incidents
based on employees' misguided confidence on their cybersecurity skills,
and why organizations need such trainings to better understand their
employee's authentic skill levels. In doing so, business organizations
will be better equipped to train employees on best practices to defend
against cyber criminals.
To
learn more about how the adaptive learning approach can be applied to
make employees behave more securely, please visit the official Kaspersky Adaptive Online Training web page.