Security awareness training company Proofpoint has released the 2019 edition of its “Beyond the Phish” report, which takes a snapshot of workplace cybersecurity skills to identify knowledge gaps and give pointers towards perfecting an introductory curriculum for everyone involved in online education.
The report draws from a pool of “millions of questions” asked throughout a year ending last February across users in 16 industries. The result is a list of items grouped in 5 main topics, a list of priorities and “mastered” domains, and department-specific as well as industry-specific input.
A few adaptations to “Beyond the Phish” are enough to turn the report into a Competency Framework, ideal as a prerequisite course or module for everyone beginning to use online learning systems, LMS especially. Interested?
The five core Cybersecurity competencies
- Accurately identifies phishing threats
- Implements appropriate data protection measures for each step of the Data Lifecycle
- Understands the risks and potential consequences of common scams, including but not limited to Social Engineering
- Keeps sufficient safeguards for her information, across all devices and services, including cloud-based solutions
- Engages in informed debate about Cybersecurity issues affecting workforce professionals
Technically speaking, "Phishing" refers to the type of scam conducted over email in which the malicious actor pretends to make a legitimate request for information that would give them access to the user's data. Phishing is perhaps the most familiar example of Social Engineering, which targets the human as the weak link in the cybersecurity chain.
According to the available data, 5 issues proved the most difficult for users of digital technologies to answer:
- How to encrypt information on mobile devices
- How to keep personally identifiable information safe and traceable across services
- Effective qualities of technical safeguards in preventing successful social engineering attacks
- The difference between private and public data
- Actions to take following a suspected data breach (damage control)
Many elements come to light from these results. One is the scale of the threats, which may hint at the kind of approach needed, i.e. the higher the threat, the more systemic the response should be. On the education side, it is also clear that technologies themselves could do a better job of making their User Experience clearer when it comes to potential threats. In other words, the design of experiences and interfaces should be an essential element in the process of securing data, systems and platforms.