A lack of cybersecurity training in the workplace continues to be a major reason why there’s a surge in cyberattacks in Canada, according to a new study from Scalar Decisions Inc. entitled The Digital Citizen: A Canada-Wide Survey on Security Awareness in the Workplace.
Those that did say they feel prepared are likely blissfully unaware of the true level of threat that exists due to that lack of training, says Theo Van Wyk, the chief technology officer for Scalar.
Of the 1,550 Canadian employees surveyed in the study, 75 per cent said they felt prepared for a cyberattack in the workplace.
But Van Wyk doubts the validity of those beliefs; a point underscored by the fact that 60 per cent of respondents receive no cybersecurity training at all from their employer.
“People are not walking around feeling overconfident. It’s almost that they’re unaware of some of the threats and they do feel confident about what they know,” said Van Wyk in an interview with ITbusiness.ca. “But once they understand the other threats, then they understand the magnitude.”
For those that are aware of their cybersecurity shortcomings, there is a great desire to learn. Fifty-seven per cent of respondents who do not currently receive cybersecurity training said they have a desire to receive some.
So why are businesses not meeting that demand?
Van Wyk said he believes this just comes down to a case of people not thinking they are at risk until it is too late, either because they believe their data is not worth stealing or holding hostage or because they do not see the value in investing in cybersecurity training.
In fact, an astounding 7 per cent of respondents said that their employers do absolutely nothing about cybersecurity, let alone training in the area.
“I like comparing investing in security to insurance. People don’t think they need it until they realize it’s too late,” he said. “Unfortunately, sometimes the driver that we see for some organizations are just that either themselves or somebody else in their industry gets targeted and suffer some form of financial or productivity loss and then finally realize the reality of it.”
This lack of training becomes all the more magnified when you consider that malware attacks are not only becoming more damaging but also easier than ever to execute and manage for bad actors.
And while Van Wyk noted that even a little bit of cybersecurity awareness training in the workplace can make a difference – underscored by the fact that 79 per cent of the study respondents said that cybersecurity training helped them detect and mitigate a threat in the workplace – he did clarify that the battle to keep your employees trained is never over. Even those that said they detected threats at work are likely still unaware of many other attacks directed at them that they did not recognize.
In a perfect world, Van Wyk said he would like to see vigilance practised in cybersecurity not only in the workplace but also at home, which plays into his idea of a “digital citizen”.
According to the study, more people experienced cyberattacks at home than at work; with 24 per cent reporting an attack at work and 31 per cent reporting an attack at home.
But by practising the ideologies of the “digital citizen”, Van Wyk believes that cybersecurity will eventually just become second nature to Canadians countrywide.
“The whole idea is that when they’re better digital citizens in general, when they come to the office, it is not an animated attempt to be good at security. It just sort of born in and it’s more natural to them.”