Corporate user education failing

British corporate end-users found to be apathetic towards, and ignorant of, security threats

IT bosses and the technology industry must work harder to educate corporate users and simplify the terminology around IT security threats, or risk increasingly poor levels of awareness and potential security problems, according to a new report released by web security specialist Trend Micro.

The vendor's corporate end-users “web threats” study surveyed corporate end-user perceptions of, and experiences with, security threats and compared them with a similar study conducted in 2005.

Nearly half of UK respondents said their IT departments could do more to educate them about phishing, while across all countries, end-users who have been victims of spyware or phishing scams said that their IT department could have prevented the incident.

British users were found to be more apathetic to security in the organisation, with little respect or knowledge about the threats or the solutions being provided to protect them, according to Trend's Tony Larks.

"Companies are doing a good job deploying technology solutions but not in showing the value of them to the business," Larks added. "And as an industry we've created terminology which the consumer often doesn't understand."

Larks encouraged firms to re-educate their users about the modern threat landscape, and also urged the vendor community to "not overcomplicate things and simplify terminology".