It is a widely held view, among IT staff, that members of staff are the biggest data security risk; however, when it comes to phishing attacks, even IT security staff are not immune.
Almost 25% of IT employees admitted to falling for a phishing scam, compared to just one in five office workers (21%) and 34% of company owners and high-level executives, according to a recent survey conducted by Intermedia.
For its 2017 Data Vulnerability Report, Intermedia surveyed more than 1,000 full-time workers, asking questions relating to data security and the behaviors that can lead to data violations, malware and ransomware attacks.
When all it takes to compromise a network is for one worker to fall for a phishing email, it is concerning that 14% of office workers either lacked confidence in their ability to detect phishing attacks or did not know what phishing is.
Confidence in the ability to identify phishing scams was generally high among office workers, with 86% believing they could recognize phishing emails, although knowledge of ransomware was found to be lacking, especially among female employees. 40% of female workers did not know what ransomware was, compared to 28% of male employees. 31% of respondents said they did not know what ransomware was prior to taking part in staff training classes.
The survey showed security awareness training was lacking at many businesses. 30% of office workers answered that they did not receive regular training on how to deal with cyber threats. Even though the threat level has risen significantly in the past two years, many businesses have not responded. The 2015 Data Vulnerability Report shows 72% of companies regularly communicated cyber threat information to employees and provided regular training, but in 2017 little has changed. Only 70% of companies provide regular training and threat information to their staff members. 11% of companies offered no security training of any kind.
The recently released Global State of Security Survey by PricewaterhouseCoopers, which surveyed 9,500 executives in 122 countries, suggests the percentage of companies that do not provide security awareness training to their workforce may well be far higher – 48% of respondents to that survey answered that they have no staff security awareness training program currently in place.