A research paper looking into cybersecurity training found that whilst 70 per cent of employees they polled had taken cybersecurity training, 61 per cent failed a basic quiz on the subject.
The study, undertaken and published by TalentLMS highlighted the importance of IT support services, not only to help combat security threats and mitigate damage and data loss but also to help increase the ability of employees to recognise threats to their security.
The study polled around 1,200 workers, based in a range of fields, on their cybersecurity habits and training. It then asked seven multiple-choice questions about security best practices, from how ransomware works to different dangerous file types.
Interestingly, 60 per cent of respondents who failed the quiz said they felt safe from threats, with 74 per cent of those who got every single question wrong also saying they felt safe despite gaps in their knowledge.
There are theories as to why this is the case, from a classic example of the Dunning-Kruger effect in action to gaps in their knowledge from cybersecurity training.
Here are the seven questions asked and some context for the correct answer.
Strong Passwords
One of the questions asked about passwords that could outsmart a hacking attack, which explores the difference between strong and weak passwords.
There are plenty of ways hackers will guess passwords, from brute force using a tool to keep guessing passwords until one is correct to the careful acquisition of knowledge about a victim.
The weakest passwords are your name, a number sequences such as “12345” and the word “password”. Shorter passwords, easy to guess passwords and simple words are also easy to guess or brute-force.
The strongest passwords have a combination of letters, numbers and symbols, do not resemble real words or at least not words that can be found in publicly accessible information and are long.
File Types
Trojans, or cyber-attacks based on a victim unknowingly downloading and executing a virus program, tend to be found in executable files (files with “.exe” or “.msi” on the end in windows).
Many trojans will send an email with a double file extension, such as “.doc.exe” or “.jpg.exe”.
As well as this, any scripting command files, such as “.bat” can be dangerous, as can document files that can open macros, such as “.docm”. Macros are code installed into document files that can be used for malicious purposes.
Ransomware
Ransomware is unpleasant software, usually installed as the result of a trojan horse that holds files hostage, encrypts files, runs other viruses and demands either payment or something else or else it will publish or delete the victim’s data.
Most viruses tend to work in the background, so the difference between it and ransomware is how overt the attack is.
USB Drives
Pen drives or USB drives can launch programs automatically and inject malware into a computer directly, a concept known as BadUSB. Generally, you should be very careful when handling a drive you do not recognise.
Physical Vs Digital Security
A password-protected laptop is safer than a non-password protected one but given enough time data stored on the laptop itself can be extracted even if it is password protected.
Encrypting sensitive data or uploading it to the cloud will be safer as even if a thief has your physical device they cannot access the cloud without knowing your password.
Phishing
Suspicious looking emails, even from a person you know and trust are generally a sign of a cyber attack. Do not under any circumstances click the link and instead report the email to your IT department to investigate further.