One of the aspects of technology that is sorely overlooked is the need to be learning constantly.

While we don’t deny that there are extremely knowledgeable individuals in some areas of technology, nobody can know everything there is to know about tech.

As the headline of this piece eludes to though, sometimes folks they know more about tech than they do and in the context of a business environment, this can be incredibly dangerous.

Back in April, Kaspersky together with Area9 Lyceum released an adaptive learning course for businesses transitioning to remote-working due to the COVID-19 pandemic.

The Kaspersky Adaptive Online Training course helps teach employees about cybersecurity but today we’re interested in some anonymised data from the course that Kaspersky had a look at.

“Analysis of anonymised learning results revealed that remote staff tend to overestimate the level of their knowledge of cybersecurity basics. In 90% of cases when learners selected a wrong answer, they evaluated their feelings toward the given response as ‘I know it’ or ‘I think I know it’. This was revealed through an adaptive learning methodology, which asked learners to assess their levels of confidence in responses, as well as answer the test questions,” explains Kaspersky.

Drilling deeper into the data reveals that 52 percent of answers regarding why employees should use corporate approved resources such as cloud storage, email and messaging, were incorrect. We’d really love to have seen those answers.

As many as 50 percent of employees were wrong about how to go about installing software updates and 92 percent of those who were wrong believed they had the skill to install software updates, despite being wrong.

“If employees see no danger in risky actions, let’s say, in storing sensitive documents in personal storage, they are unlikely to seek advice from IT or IT Security departments. From this perspective, it’s hard to change such behavior, because a person has an established habit and may not recognise the associated risks. As a result, ‘unconscious incompetence’ is one of the most difficult issues to identify and solve with security awareness training,” explains head of the Kaspersky Academy, Denis Barinov.

This begs the question – does cybersecurity and awareness training need a rethink?

Clearly folks think they know better than they do so perhaps that’s something that can be used to the advantage of those doing the training.

We’re curious to see how the Kaspersky Adaptive Online Training course helps address, or whether it addresses it at all. We’ve asked that Kaspersky keep us updated on the course and if it uses these findings to improve its training we’ll be sure to share that information.

Data from the Kaspersky Adaptive Online Training course.
[Image – CC 0 Pixabay]