Lack of IT security training is leaving businesses open to data breaches, says Claranet research

Both technical teams and general staff need more frequent guidance on recognising and dealing with cybersecurity threats.

New research by global technology services provider Claranet has revealed that six in ten organisations (61 per cent) believe that their general workforces need much more training in cybersecurity awareness. Somewhat alarmingly, 38 per cent of respondents said that their software development teams also need a great deal more training in this area, and 29 per cent said the same is required for IT operations teams. This evidence underlines how much more needs to be done – even within technical teams – to eliminate this skills shortage and bring internal cyber awareness levels up to a point where threats can be effectively countered.

The survey was carried out by Vanson Bourne and surveyed 100 IT decision-makers from a range of UK businesses with more than 1,000 employees. According to the findings, 61 per cent of general staff have not had full IT security training. This figure is lower for software development teams (38 per cent) and IT operations teams (29 per cent), but shows that training coverage is still by no means comprehensive.

For Neil Thomas, Group Security Services Director at Claranet, this shows how businesses need to do more to increase their training capabilities and reduce the potential for human error to lead to costly data breaches.

Thomas said:

Most business leaders are aware of the need for effective cybersecurity measures to counter the constantly evolving threat landscape, but this research shows that efforts to train staff still haven’t been as effective as they could be. This is critical for all technical teams but general awareness across all business functions is also extremely important.”

The findings from the research also suggest that there is a disconnect between the faith that businesses have in their cybersecurity technology and their general awareness of the organisation’s security risk profile it is there to protect. 84 per cent of respondents said that they have confidence in their breach detection systems if company data is compromised. However, over a third (36 per cent) said that their organisation’s IT security risk profile is not well understood.

For Thomas, this suggests that some companies may be relying too heavily on technology to handle the cybersecurity burden:

It’s well-known that human error is a leading cause of data breaches. It’s insufficient to expect protection and detection technologies and services to do all the work while staff training falls short. It’s therefore crucial that all employees are fully aware of security risks. And special attention must be paid to software development and IT operations who need a more detailed understanding specific to their roles. Not only does upskilling technical staff result in an improvement in security posture, it can also lead to closer collaboration across the Development, Operations, and Security teams.”

As one of the leading training providers at the Black Hat cybersecurity conferences, we have the expertise to work closely with our customers to improve in-depth security technical awareness and skills. We use Classroom learning and labs for this but now, through a new partnership that we’re announcing with Global Learning Systems, this support has expanded with a wide range of security awareness online training products and services. By combining these two options, we can now provide more effective training solutions.”

Global Learning Systems CEO, Larry Cates, said of the partnership:

Organisations are recognising that building a true cybersecurity culture requires a continuous and comprehensive learning programme. They need multi-modal, role-specific training for every facet of their business, which is why Claranet and Global Learning Systems have joined forces.”

Thomas concluded:

Getting the right technology infrastructure and testing procedures in place is clearly a fundamental part of protecting businesses from cyber-attacks. But businesses should also remember the human element, and that’s why effective training is a crucial part of the mix.”