WatchGuard Blog

74% of companies do not provide employees with any cybersecurity training

In the digital age, where technology has become indispensable, cybersecurity has become a crucial issue for organizations. Investment in security tools to protect digital assets is increasing; however, the biggest threat often lies in an unexpected factor – human error. 

Phishing campaigns, weak passwords, or accidental data leaks can put even the most fortified network at risk. Despite the fact that 71% of companies recognize cybersecurity as a high priority, according to the EU Cybersecurity Agency, 74% have not any taken action, leaving their employees without the necessary training and awareness to address today's cyber challenges.

For instance, in organizations that fail to implement simulated phishing training and testing, a significant percentage of their employees, 30% or more, are prone to fall prey to this type of attack. In contrast, when training programs are implemented and simulated phishing tests are conducted frequently, the percentage of employees likely to fall victim decreases substantially, down to approximately 5% within the space of a year, according to a KnowBe4 study

Passwords vs. cybersecurity training

While many organizations recognize the risks posed by their end users and invest in cybersecurity training and awareness programs accordingly, this training has its limitations, especially when it comes to changing user behavior around passwords.

Despite receiving training on best practices, users often prioritize convenience over security when it comes to their digital passwords. They are not looking to cause harm; they simply want to work efficiently without the burden of memorizing complex passwords. The attitude of “it won't happen to me” tends to prevail when it comes to cyberattacks.

Recent research reveals that 79% of users who received cybersecurity training found it useful. However, only 31% of them reported that they had stopped reusing passwords as a result. Here are the three most common mistakes related to security passwords:

  1. Weak passwords: 

    Weak passwords, such as the classic “123456”, “Password,” or “Qwerty”, are easy for cybercriminals to guess or crack. They just need a bit of luck or specialized software and they will be able to access accounts.

  2. Reuse: 

    Reusing the same password on different platforms and corporate applications is a big risk, since, if an attacker manages to access one of them, this opens the doors to your entire digital space.

  3. Writing down your passwords: 

    Writing down your passwords on a piece of paper or in a digital file may seem like a good idea to remember them, but it is a very dangerous practice. If someone finds your notes, they will have access to your organization's network.

How to protect credentials in your organization?

While this security context may seem daunting, all is not lost. A password manager can be an invaluable ally, offering robust protection against vulnerabilities even when users' security practices fail.

By requiring strong, unique passwords, storing them in encrypted form, and eliminating reuse, this tool shields credentials against common attack methods such as brute force and credential stuffing.

In addition, by facilitating the use of secure passwords through auto-completion, cross-device synchronizatio,n and the option of passwordless access, the likelihood of human error is minimized. In short, a password manager is an indispensable tool for safeguarding an organization's credentials.

If you want to learn more about how to protect your company's credentials, check out the following posts on our blog