Phishing findings

by Mark Rowe

A quarter of UK office workers do not know what phishing is and almost a fifth of UK organisations do not provide training to help staff understand security threats, a survey has suggested.

The survey, for PhishMe, by One Poll in December 2013, looked at the attitudes of 1,000 UK office workers. The IT security product firm PhishMe said that UK organisations are taking a lackadaisical approach to security training, with 19 percent not providing any staff security training whatsoever, and 24 percent not providing basic security training, including induction training, classroom training, employee security policy training or phishing training.

The firm said that the recent spate of cyber attacks against some of the world’s leading brands has highlighted the significant impact cybercrime can have on organisations. Businesses cannot afford to ignore or short-change staff security training given the odds of compromise. Failure to provide it can result in significant financial losses to organisations, as well as loss of intellectual property, confidential customer data, and customer trust.

Rohyt Belani, CEO of PhishMe, said: “Phishing is one of the biggest security threats to organisations and it is critical that staff are given continuous training on how to identify evolving threats. Attackers use techniques such as spear-phishing where they create very credible-looking malware-bearing emails and target specific individuals within an organisation, based on publicly available information. A disengaged employee population makes it increasingly difficult for organizations to defend against advanced cyber attacks.

“Organisations that provide staff with immersive security training are able to leverage them as a line of defence and a robust attack detection mechanism, to better protect their networks. Even if a company has all the latest security technologies in place to protect their systems, human susceptibility is still one of the leading causes of a successful breach.”

Phishing, the IT firm argues, has proven to be a very effective low-cost attack vector that bypasses most traditional detection methods. With cyber criminals, nation-state actors, and most recently hacktivists such as the Syrian Electronic Army, carrying out successful attacks via email, office workers can only expect more of the same, it is claimed.

© 2024 Professional Security Magazine. All rights reserved.