Repeated cyber attacks seemingly have done little to improve cybersecurity awareness among employees.
A social experiment over the summer by IT industry group CompTIA resulted in nearly one in five people putting computers at risk by sticking a thumb drive into a device without knowing whether the USB carried a virus or contained other threats.
“Despite a widespread sentiment that end users are more tech savvy than ever before, reckless behavior persists,” the group said in its report.
CompTIA commissioned the experiment to gauge people’s attitudes toward cybersecurity and test their cybersecurity savvy following major – and highly publicized – cyber attacks like the one launched against Target and the one that exposed more than 21 million personnel records kept by the Office of Personnel Management.
CompTIA had the thumb drives placed in public places including airports and coffee shops in Chicago, Cleveland, San Francisco, and Washington, D.C., from August through October.
Seventeen percent of those who recovered the thumb drives put them into computers then opened a text file in the thumb drive, and either clicked on a link they found or emailed the address listed.
The results of the social experiment demonstrate that employees remain one of the most significant threats to an organization’s cybersecurity, according to CompTIA.
CompTIA also commissioned an online survey to determine awareness about cybersecurity among workers and found:
- 94 percent of employees connect their laptop or mobile device to public wi-fi networks
- 63 percent of employees use their work-issued mobile device for personal use
- 49 percent of employees have at least 10 log-ins, but only 34 percent have at least 10 unique log-ins
The report puts the onus to improve cybersecurity awareness on workers and their employers – 45 percent of employees receive no cybersecurity training from their employers.
“Today’s employers have a long way to go in order to fill the gaps in their cybersecurity training efforts,” CompTIA wrote.