[UK] Industry cyber security training provisions ranked

New research has explored cyber security training provisions in the UK to see which industries have adequately prepared for a cyber attack or cyber security breach, The HR Director reports.

Indusface surveyed respondents from 16 different industries to reveal whether businesses are carrying out sufficient cyber security training for employees. 

The survey’s key findings:

• 96 per cent of the Utilities sector provide cyber security training for employees.

• 3 per cent of the Accommodation and Food sector actively train employees in cyber security.
• 42 per cent of overall survey respondents do not actively train employees in cyber security.

The 10 sectors with the lowest incidence of cyber security training for employees were reportedly:

Accommodation and Food is the sector that currently has the lowest instance of cyber security training, with only 3 per cent of respondents revealing that they offer this to employees.

Accommodation and Food businesses stated that the most common form of cyber attack was via email hacking; 64 per cent of respondents within this sector had experienced this. Responses from the survey reportedly suggest that cyber security training needs to be increased, with a focus on email hacking and phishing attacks.

The Transport sector ranks second, with 11 per cent of respondents revealing that they actively train employees in cyber security. While 41 per cent said they have experienced a cyber attack via email hacking. 

The Education sector ranks third, with 17 per cent of respondents revealing that they actively train employees in cyber security. Such training within the Education sector needs to be increased and improved. 78 per cent of respondents reported that they have experienced a cyber attack and 76 per cent of respondents stated that email hacking was the method used. 

The top 5 sectors offering cyber security training opportunities for employees were:

Venky Sundar - Founder and President of Indusface - responded to the results and the importance of cyber security investment and training among all business sectors. He said, “The cyber security of any business, whether an SME or a larger corporation, is vital to its integrity.

"With technology and the internet being an integral, useful part of how many businesses operate, it is important that every company understands the risks of it being inadequately protected. If cyber attacks occur, a business can suffer from lost business data, a degraded reputation, and potentially a large financial cost.

“While we found that email hacking is the most prevalent, the way it is carried out is very versatile. Phishing is a much talked about threat, however, bot attacks such as account-takeover and credential stuffing could also be used to hack emails and get access to email accounts. The other method is when hackers exploit an SQL injection vulnerability on a table and extract all credentials through the vulnerability.

“In addition to training all employees on how to evade phishing attacks, organisations will also find it worthwhile to run regular security assessments and implement a WAAP solution to filter out malicious attacks right at the perimeter before the attacks hit the application servers. 

“Finally, it is important to build defences in depth. All systems are to be designed while assuming that they don’t get compromised even in case an email is hacked. This problem is especially bad in the SME space as security software needs to be constantly updated and the acute shortage of talent and resources mean that SMEs run outdated security software products.” 

Full survey results and data available here

Source: The HR Director

(Link and quotes via original reporting)

New research has explored cyber security training provisions in the UK to see which industries have adequately prepared for a cyber attack or cyber security breach, The HR Director reports.

Indusface surveyed respondents from 16 different industries to reveal whether businesses are carrying out sufficient cyber security training for employees. 

The survey’s key findings:

• 96 per cent of the Utilities sector provide cyber security training for employees.

• 3 per cent of the Accommodation and Food sector actively train employees in cyber security.
• 42 per cent of overall survey respondents do not actively train employees in cyber security.

The 10 sectors with the lowest incidence of cyber security training for employees were reportedly:

Accommodation and Food is the sector that currently has the lowest instance of cyber security training, with only 3 per cent of respondents revealing that they offer this to employees.

Accommodation and Food businesses stated that the most common form of cyber attack was via email hacking; 64 per cent of respondents within this sector had experienced this. Responses from the survey reportedly suggest that cyber security training needs to be increased, with a focus on email hacking and phishing attacks.

The Transport sector ranks second, with 11 per cent of respondents revealing that they actively train employees in cyber security. While 41 per cent said they have experienced a cyber attack via email hacking. 

The Education sector ranks third, with 17 per cent of respondents revealing that they actively train employees in cyber security. Such training within the Education sector needs to be increased and improved. 78 per cent of respondents reported that they have experienced a cyber attack and 76 per cent of respondents stated that email hacking was the method used. 

The top 5 sectors offering cyber security training opportunities for employees were:

Venky Sundar - Founder and President of Indusface - responded to the results and the importance of cyber security investment and training among all business sectors. He said, “The cyber security of any business, whether an SME or a larger corporation, is vital to its integrity.

"With technology and the internet being an integral, useful part of how many businesses operate, it is important that every company understands the risks of it being inadequately protected. If cyber attacks occur, a business can suffer from lost business data, a degraded reputation, and potentially a large financial cost.

“While we found that email hacking is the most prevalent, the way it is carried out is very versatile. Phishing is a much talked about threat, however, bot attacks such as account-takeover and credential stuffing could also be used to hack emails and get access to email accounts. The other method is when hackers exploit an SQL injection vulnerability on a table and extract all credentials through the vulnerability.

“In addition to training all employees on how to evade phishing attacks, organisations will also find it worthwhile to run regular security assessments and implement a WAAP solution to filter out malicious attacks right at the perimeter before the attacks hit the application servers. 

“Finally, it is important to build defences in depth. All systems are to be designed while assuming that they don’t get compromised even in case an email is hacked. This problem is especially bad in the SME space as security software needs to be constantly updated and the acute shortage of talent and resources mean that SMEs run outdated security software products.” 

Full survey results and data available here

Source: The HR Director

(Link and quotes via original reporting)