Survey says cybersecurity awareness lacking
- By Gail Repsher Emery
- Jun 17, 2003
Individuals typically blame cybersecurity weaknesses on others, not themselves, according to a survey of nearly 800 professionals.
Findings were published today by Brainbench Inc., a Chantilly, Va., online skills testing firm, and the Information Technology Association of America, an Arlington, Va., association of information technology firms.
Survey participants were individuals and corporate workers in 22 industries taking tests through Brainbench that measure their professional skills. Brainbench offers 425 tests in areas ranging from finance to sales to information technology.
The survey (click for PDF)
found:Two-thirds of respondents said they are aware of cybersecurity issues and are proactive in addressing them, but two-thirds rated their coworkers' and companies' cybersecurity skills as low.Almost half said they had no formal information security training. About half of both American and international workers said their company provides little, sporadic, incomplete or no security information at all, while about half said their company provides frequent information about cybersecurity best practices and management expectations.
The worldwide Global Cyber Security Survey was conducted last month. More than half of the survey participants were in the United States.
Plans to increase cybersecurity must assess the security threat posed by people lacking sufficient information security awareness, according to Brainbench and ITAA. Along with the survey results, the organizations announced the creation of a new security awareness certification.
The Information Security Awareness Certification program is designed to help organizations assess the cybersecurity strengths and weaknesses of their computer users, according to ITAA.
"Several certification programs exist to test the information security skills of technical professionals. The I-ACERT program is a testing resource for the rest of us?non-technical individuals who use a computer and network every day to get the job done," said ITAA President Harris Miller.
In order for an organization to attain I-ACERT certification, 90 percent of its computer users must take the test, and 85 percent must pass the test with a score of 2.75 or better on a five-point scale.
The 40-question test, delivered online by Brainbench, takes about 30 minutes. It covers subjects such as computer security, Internet security, passwords, viruses and harmful software, computer ethics, physical security and sensitive information.