Some 90% of people are overestimating their cyber security abilities, according to Kaspersky.
The security company conducted a test recently using its Gamified Assessment Tool, which revealed that a mere 11% of 3 907 people who participated showed a high level of cyber security awareness.
The majority of mistakes were made when browsing the Web.
Kaspersky’s assessment tool is designed to change staff behaviour and awareness, and to help CIOs and HR departments measure their employees’ cyber skills, and educate their teams.
During the game, players receive points on the decisions they make during commonly encountered situations occurring while working at home, while travelling, or at the office.
They are asked to assess whether their actions carry cyber risks, and how confident they are in their assumptions. Just about one in ten (11%) of test participants was awarded a Certificate of Excellence, meaning they scored over 90% of possible points.
Most users, 61%, achieved an “average” result ranging from 82% to 90% points, while 28% could not prove sufficient cyber security knowledge, scoring less than 75%.
The tool covers six security domains, namely passwords and accounts, e-mail, Web browsing, social networks and messengers, PC security and mobile devices.
Web browsing presented the most difficulty for users, with only 24% of actions being defined correctly. Scenarios associated with mobile devices were least complex, with nearly half (43%) of employees making no mistakes in identifying cyber risks here.
Alexander Lunev, product manager, Security Awareness & Academic Affairs at Kaspersky, says the tool is included in the ‘engagement phase’ of the company’s Security Awareness Portfolio.
“It precedes the training stage in the Kaspersky Automated Security Awareness Platform, allowing employees to get clearer motivation for learning and helping organisations find out which educational program best fits their workers’ specific needs,” he adds.
However, Lunev stresses that even the best possible results achieved are no guarantee that a user doesn't need a periodic knowledge refreshment.
“The adversarial methods can change, and a person’s vigilance may weaken. That is why we make sure that the learning and reinforcement parts of our product are interesting for all learners of all levels,” he says.