{"id":17553,"date":"2017-07-10T07:01:01","date_gmt":"2017-07-10T05:01:01","guid":{"rendered":"https:\/\/www.kaspersky.co.za\/blog\/?p=17553"},"modified":"2019-01-10T16:55:03","modified_gmt":"2019-01-10T14:55:03","slug":"human-factor-weakest-link","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/human-factor-weakest-link\/17553\/","title":{"rendered":"The human factor: Can employees learn not to make mistakes?"},"content":{"rendered":"<p>We\u2019ve long maintained that technical means are not enough to protect a business from cyberthreats. It\u2019s entirely possible for a single person to negate the effect of an entire information security team. In many cases, it may be unintentional, the result of a lack of basic cybersecurity knowledge, unawareness of threats, or diverted attention. That is why many companies (according to our data, approximately 65%) already invest in employee cybersecurity training.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2017\/07\/07100229\/Featured-Human-Factor.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2017\/07\/07100229\/Featured-Human-Factor-1024x673.jpg\" alt=\"\" width=\"1024\" height=\"673\" class=\"aligncenter size-large wp-image-17434\"><\/a><\/p>\n<p>Here, however, complications may arise. The person who decides staff awareness needs to be raised is not necessarily the person responsible for arranging the training. And although the first sees an obvious problem, the second may not fully understand what cybersecurity training is, how to train staff, or even why the training is needed.<\/p>\n<h2>Understanding the problem<\/h2>\n<p>Let\u2019s imagine that you\u2019ve been tasked with raising cybersecurity awareness. First, what does <em>cybersecurity awareness<\/em> really mean?
To nail that down, we worked with market research firm B2B International to gather input from 5,000 companies around the globe about their understanding of the problem and the impact of individual employees in certain cybersecurity incidents. In short, we found:<\/p>\n<ul>\n<li>46% of incidents in the past year involved employees who compromised their company\u2019s cybersecurity unintentionally or unwittingly;<\/li>\n<li>Of the companies affected by malicious software, 53% said that infection could not have happened without the help of inattentive employees, and 36% blame social engineering, which means that someone intentionally tricked the employees;<\/li>\n<li>Targeted attacks involving phishing and social engineering were successful in 28% of cases; <\/li>\n<li>In 40% of cases, employees tried to conceal the incident after it happened, amplifying the damage and further compromising the security of the affected company;<\/li>\n<li>Almost half of the respondents worry that their employees inadvertently disclose corporate information through the mobile devices they bring to the workplace.<\/li>\n<\/ul>\n<p>To see the full text of the research (in English), follow the link below, which fully answers the question \u201cWhy bother raising cybersecurity awareness?\u201d<\/p>\n<p><a href=\"https:\/\/www.kaspersky.com\/blog\/the-human-factor-in-it-security\/\" target=\"_blank\" rel=\"noopener nofollow\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2017\/07\/10062702\/Human_Factor_report-1024x210.jpg\" alt=\"\" width=\"1024\" height=\"210\" class=\"aligncenter size-large wp-image-17456\"><\/a><\/p>\n<h2>Teaching cybersecurity awareness <\/h2>\n<p>The \u201chow\u201d part of the equation is also very important. Multiple courses, lectures, and workshops are available. 
But training means spending time and money; you need to be sure you\u2019ll get results.<\/p>\n<p>Take, for example, the problem of incident concealment. You can gather employees and tell them that reporting cybersecurity incidents is important. They will probably say they understand \u2014 and keep concealing the incidents, hoping to evade responsibility.<\/p>\n<p>A better approach is to understand their motivation first. In many cases, employees were informed of the strict rules by their managers or information security officers, but no one really explained the rules. Sometimes, management and the information security team also require training \u2014 training on explaining the rules.<\/p>\n<h2>Knowing what to teach<\/h2>\n<p>To withstand today\u2019s sophisticated cyberthreats, a company has to function as a healthy organism, with various teams having different responsibilities and tasks. Naturally, that means teams need to learn about different things. Corporate management must be aware of risks and thoroughly understand their potential financial and reputational costs. Middle management and information security teams require a clear understanding of looming threats and the ability to take actions that increase cyberresilience, and they also need to be able to communicate appropriately with the majority of staff. As for specialists, knowledge about threats is less important than their skill in avoiding them.<\/p>\n<p>That\u2019s why our approach to training includes differentiating staff by seniority and function. 
<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2017\/07\/07092950\/human-factor-weakest-link.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2017\/07\/07092950\/human-factor-weakest-link-1024x567.png\" alt=\"\" width=\"1024\" height=\"567\" class=\"aligncenter size-large wp-image-17432\"><\/a><\/p>\n<p>To learn more or commission courses for your staff, please fill out the form below and our specialists will contact you soon.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Even those who are responsible for arranging security awareness training may not solidly understand what cybersecurity training is, or even why the training is needed.<\/p>\n","protected":false},"author":700,"featured_media":17554,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3021],"tags":[1133,2388,614,2572,1795],"class_list":{"0":"post-17553","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-advices","10":"tag-employees","11":"tag-report","12":"tag-security-awareness","13":"tag-training"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/human-factor-weakest-link\/17553\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/human-factor-weakest-link\/10558\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/human-factor-weakest-link\/8747\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/human-factor-weakest-link\/4774\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/human-factor-weakest-link\/11758\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/human-factor-weakest-link\/11308\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/human-factor-weakest-link\/10790\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/human-factor-weakest-link\/13666\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/human-factor-weakest-link\/13697\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/human-factor-weakest-link\/17969\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/human-factor-weakest-link\/3367\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/human-factor-weakest-link\/17430\/"},{"hreflang":"pt-br","
url":"https:\/\/www.kaspersky.com.br\/blog\/human-factor-weakest-link\/9253\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/human-factor-weakest-link\/7036\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/human-factor-weakest-link\/13885\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/human-factor-weakest-link\/16821\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/human-factor-weakest-link\/17572\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/security-awareness\/","name":"security awareness"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/17553","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/700"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=17553"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/17553\/revisions"}],"predecessor-version":[{"id":21882,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/17553\/revisions\/21882"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/17554"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=17553"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=17553"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=17553"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}