New research from Kaspersky, along with Area9, has found that 90% of respondents who have participated in Kaspersky’s Adaptive Online Training course and selected a wrong answer have confidently evaluated their feelings toward the given response as “I know it” or “I think I know it.” This was revealed through an adaptive learning methodology, which asked learners to assess their levels of confidence in responses, as well as answer the test questions.
As a result of the COVID-10 pandemic, many companies have switched to remote working. This change has affected corporate security via a growing number of web-based attacks and coronavirus-related phishing, as well as the increased use of shadow IT. To help businesses improve their staff’s cybersecurity skills, Kaspersky and Area9 released an adaptive learning course for those transitioning to at-home working, covering the basics of secure remote operations.
Further analysis from this study also identified the most difficult learning objectives, concluding the most challenging lesion was why to use virtual machines. As many as 60% of the given answers were wrong on this matter, with 90% of respondents falling into the ‘unconscious incompetence’ category. This means that mistaken learners were still sure that they had selected the right answer or option.
More than half of responses (52%) to questions about reasons why employees should use corporate IT resources (such as mail and messaging services or cloud storage) when working from home was incorrect. In 88% of cases, remote employees thought that they could explain this correctly. Almost the same proportion of mistakes (50%) was made when answering a question about how to install software updates. In this case, a staggering majority of 92% of those who had provided wrong answers, believed they had that required skill.
“If employees see no danger in risky actions, let’s say, in storing sensitive documents in personal storage, they are unlikely to seek advice from IT or IT Security departments,” said Denis Barinov, Head of the Kaspersky Academy. “From this perspective, it’s hard to change such behavior, because a person has an established habit and may not recognize the associated risks. As a result, ‘unconscious incompetence’ is one of the most difficult issues to identify and solve with security awareness training.”
These survey findings bring to light the human factor in cyber incidents based on employees’ misguided confidence on their cybersecurity skills, and why organizations need such trainings to better understand their employee’s authentic skill levels. In doing so, business organizations will be better equipped to train employees on best practices to defend against cyber criminals.
To learn more about how the adaptive learning approach can be applied to make employees behave more securely, please visit the official Kaspersky Adaptive Online Training web page.
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.
About Area9 Lyceum
Area9 Lyceum builds 21st century skills and competencies through the world’s first four-dimensional learning platform, Area9 Rhapsode™. Based on more than 20 years of research into human factors and cognition, our AI-based platform delivers truly personalized learning at scale -cutting training time in half, guaranteeing proficiency and making lasting impacts on careers and business outcomes. www.area9lyceum.com