Office workers and CISOs really aren't on the same page when it comes to security

Stock photo of young woman’s face as she contemplates one of the many computer monitors that surround her.

(Image credit: Getty Images)

There appears to be a lack of cybersecurity awareness amongst many office workers, despite most believing that they have been adequately trained, new research has claimed.

A survey from Encore of 100 C-level executives, 100 Chief Information Security Officers (CISOs) and 500 office workers in the US and the UK found a significant security knowledge gap between IT teams and workers.

Some of the more worrying findings include the failure of over half (57%) of staff to properly define what a phishing attack is, yet 90% of C-Suite executives believe they provide adequate cyber awareness training, and 80% of staff agree.

Bad practices

If this is the case, though, it seems none of that training has sunk in. Basic security practices are seemingly being ignored, as over a third of employees use the same password for both work and personal devices, and 37% use personal devices for work purposes.

> Your company executives could still be the weakest cybersecurity link

> Even top-level executives are practicing poor password hygiene

> Attention businesses: please stop using the worst passwords possible

Again, though, leaders appear blind to this fact. 71% of executives are confident that they deploy enough safeguards to secure their business, including from human error.

21% aren't confident in their safeguards though, and 8% think that their workers pose no risk at all.

“Despite hundreds of reported breaches making the headlines each year – often featuring news of an exploited user account or an exposed password – it’s concerning that nearly a third of organizations have insufficient defenses around the workforce,” says Encore CTO Lior Arbel.

Arbel believes that firms treat cybersecurity training as a box-ticking exercise, and that as threats continue to evolve, keeping pace with adequate training is hard.

"Business leaders trust that their staff are being well trained, and each individual trusts that their employers are providing them with all the knowledge and tools they need... however, a gap between perceptions and reality has formed – and it needs bridging immediately," Arbel concludes.

Other research has found similar failings among workers, such as the prevalence of malicious links in emails being opened, unaware that they are used as part of phishing attacks to elicit passwords and other credentials from businesses, or otherwise infect the target system with malware.

This is the best firewall to secure your business

Lewis Maddison is a Staff Writer at TechRadar Pro. His area of expertise is online security and protection, which includes tools and software such as password managers.

His coverage also focuses on the usage habits of technology in both personal and professional settings - particularly its relation to social and cultural issues - and revels in uncovering stories that might not otherwise see the light of day.

He has a BA in Philosophy from the University of London, with a year spent studying abroad in the sunny climes of Malta.