News Feature | November 20, 2015

CompTIA: Lack Of Cyber Security Knowledge Is Harmful To Organizations

Christine Kern

By Christine Kern, contributing writer

CompTIA: Lack Of Cyber Security Knowledge Is Harmful To Organizations

By Christine Kern, contributing writer

In a recent experiment designed to discern common attitudes and behaviors regarding cybersecurity, CompTIA revealed that nearly one in five people who found a random USB stick in a public setting would use it, opening themselves — and possibly their employers — to cybersecurity risk.

In the social experiment, conducted between August and October 2015, 200 unbranded USB flash drives, preprogrammed with text files, an alias email address, and a unique, trackable link were dropped in high traffic public spaces such as airports, coffee shops, and business districts in Chicago, Cleveland, San Francisco and Washington, D.C Overall, 18 percent of those who picked up the flash drives then proceeded to plug them into devices, open the text file, click on the unique link or email the listed address.

The study Cyber Secure: A Look at Employee Cybersecurity Habits in the Workplace used the flash drive social experiment and the results of a survey of 1,200 full-time workers across the U.S. to examine technology use, security habits, and level of cybersecurity awareness among employees.

Of those surveyed, 94 percent of full-time employees regularly connect their laptop or mobile devices to public Wi-Fi networks; and of those, 69 percent handle work-related data while doing so. Poor password protection is also a risk, with 38 percent of employees admitting that they have repurposed work passwords for personal purposes.

The survey also found that 45 percent of those polled do not receive any type of cybersecurity training from their employers. Furthermore, among companies that provide training, 15 percent of them rely on paper-based training manuals to complete it.

The study confirms the need for more general awareness and more proactive security IT measures.

Channel partners can consider offering services that help clients create annual, ongoing training on evolving threats and best practices for avoiding a cybersecurity incident, along with advising clients on the right solutions and services to increase security of their IT environments.