News in the Channel - issue #13


Despite human error being the biggest IT security concern for 34% of SMEs across the UK, IT training is missing some of the most common cyber weakness areas for more than half, according to new research. The pan-European survey from Sharp Europe revealed a disconnect between levels of IT security concern and the specific training businesses have in place to address the most common cyber risks. The research of 5,770 professionals responsible for purchasing IT in their SME reveals that employees not following or even having any cyber training is seen as the biggest risk overall to the effectiveness of their businesses’ IT security; more so than large scale industry attacks or concerns around not having the right protection in place. In fact, 24% are now more concerned than previously about technology security risks because of the lack of training for employees. Despite the importance of training, and the concerns around human error, the research revealed that areas that would help address threats that have impacted SMEs, such as virus attacks (25%), phishing (31%), data loss (30%) and password attacks (24%) are simply not covered by a significant proportion of the current training provided to employees. Security training programmes in less than half of SMEs cover passwords (46%), downloading files (46%), connecting to a secure network (45%), or even the basics around logging on and off (44%). “IT security is as much a people issue as it is a technology challenge, our team members are ultimately our last line of defence against threats,” said Matt Riley, director of security at Sharp UK. “Businesses and organisations of course need to have all the right technology in place, such as firewalls and anti-virus software, but they also need to create a security culture and robust training that covers all employees, not just the IT team and senior management. “Failing to have continuously refreshed cyber training in place for dealing with everyday issues like changing passwords, spotting phishing emails and downloading files is a real concern. The recent surge in AI-enabled phishing attacks is rising to new levels of sophistication, meaning more businesses are more vulnerable than ever to attack. To combat this at Sharp UK, we are using new tools to educate and put knowledge into practice. Traditional training methods such as watching videos don’t provide an engaging way for knowledge to be embedded through practical application. New training tools simulate phishing, raising awareness of the threat, and fostering positive conversations within our own teams about cyber security. Ultimately, these training oversights can cost businesses significantly so it’s important to keep investing and evolving IT security training.” Even with the general rise in security concerns only 40% of firms across the UK have increased IT security training since moving to a hybrid model and only 41% of SMEs cover hybrid working in their training programmes. Major cyber risks not covered in IT security training

Powered by