Cyber tech provider Proofpoint said a recent security awareness audit of employees that undertake security training concludes that people are only hitting on the right answers 78 percent of the time.
The audit analyzes nearly 130 million questions answered by Proofpoint customer end users across a variety of industries, and found that the following cybersecurity topics wrought the most incorrect answers among respondents:
- Identifying phishing threats;
- Protecting data throughout its lifecycle;
- Compliance-related cybersecurity directives;
- Protecting mobile devices and information; and
- Using the internet safely.
Meanwhile, topics like how to identify potentially risky communication channels, security safeguards while traveling, recognition of ransomware and malicious pop-up windows, and risks from Bluetooth pairings showed the highest rates of correct responses.
Users in education, transportation, energy, healthcare, and manufacturing industries had the highest percentage of wrong answers, while the finance, telecommunications, tech, insurance, and government sectors garnered the highest percentage of correct answers.
Proofpoint said that organizations need to educate their personnel to bolster user understanding of cybersecurity risks and issues.
“Cyber criminals continue to focus on people, structuring attacks to take advantage of users who are unaware and unprepared,” the audit said. “Organizations must take a people-centric approach as well—and not just to stop external attacks. Not all security incidents are solely the result of an attack; many arise from poor user security practices and a general lack of awareness.”