Blue Coat Systems, Inc., recently acquired by Symantec, the cyber-security product company, has reported an online study among 3130 workers in various industries across Great Britain, France and Germany. The survey suggests that organisations are still being exposed to increasingly sophisticated cyber-threats posed by social engineering, where personal and work information is gathered, often via social media, and used to deliver IT threats into networks.
Despite increased use of social media applications, inside and outside of the office, this survey shows how workers are still failing to fully protect themselves from complex social engineering techniques like phishing, according to the firm. Phishing sees hackers, posing as legitimate organisations or individuals, seek to trick users into clicking on or downloading malware, to obtain sensitive information such as login credentials or passwords.
User behaviours have not improved since 2015 and, in some cases, have grown worse, warns Blue Coat. While some areas indicate an improved sense of social media savviness, other areas supply modern-day hackers with opportunities to exploit. Key findings amongst those who use social media include:
– In 2016, 42 percent of respondents report only accepting requests from people they know, suggesting a willingness to connect with strangers, down slightly from 2015 (43 percent).
– Privacy access and settings remain an issue, with only 40 percent of 2016 respondents still having set privacy settings allowing only certain people to view their profiles, the same as in 2015.
– When connecting with people, 41 percent of 2016 respondents always check identities before connecting, indicating a small uptick in caution when compared with 2015 which came in at 38 percent.
All generations pose security risk
Workers between the ages of 18 and 24 were less likely to set up privacy settings in 2016 (49 percent) than in 2015 (60 percent). They were also less likely in 2016 to check the identities of people before connecting with them (53 percent) than in 2015 (57 percent). However, even after this decline, millennials were still markedly more discerning in both of these areas than other age groups. Workers within the 45-54-year-old bracket improved in 2016, as 37 percent always check the identities of people before connecting, compared to 32 percent in 2015. Of those 55 and over in 2016, 40 percent check identities before connecting, up from 30 percent in 2015. Despite these improvements, the data shows that workers over 45 as a group tend to be considerably less vigilant than their counterparts. In 2016, millennials (workers aged 18 to 24) exhibited the worst password behaviour, with 14 percent using the same password for every application, almost double that of the whole working population (8 percent overall).
Only just over one-third of all respondents use a different password for each social media and messaging application (36 percent).
Much to learn
Financial professionals show the highest likelihood of connecting with strangers, with 37 percent only accepting requests to connect from people they know, followed by HR (40 percent) and Health (41 percent). When it comes to using different passwords across all applications, surprisingly IT professionals (39 percent) fare no better than their less-informed colleagues, trailing HR professionals (43 percent) and doing only slightly better than Health (36 percent), Sales (35 percent), and Financial (32 percent) professionals. IT professionals are the savviest when it comes to preferring only to use encrypted applications (16 percent), while Health professionals are the least likely to use them (10 percent). IT professionals are the most likely to check the identities of people before connecting (51 percent), compared to HR (45 percent), Health (43 percent), and Financial professionals (34 percent). Only 33 percent of HR professionals have set up privacy settings on their profiles, compared to 47 percent of IT and 45 percent of Health professionals, the two best-performing job functions.
Robert Arandjelovic, director of Blue Coat product marketing in EMEA for Symantec, said: “This research highlights the risks organisations are exposed to due to the behaviour of their employees on social media and messaging applications. Social engineering remains a common tactic for threat actors to gain access to business networks, in part due to many employees leaving security holes through poor social media practices. This makes it easier to have an account compromised, and for attackers to move laterally to more sensitive business applications that contain critical data. Social engineers hack people, not computers, so it’s important to ensure humans aren’t the weakest link in cyber security. Encouraging employees to protect themselves online, with simple steps such as strong passwords for each application and privacy setting, will help navigate through the complexity of modern day threats.”
About the study
All figures, unless otherwise stated, are from YouGov Plc. Total sample size for 2016 was 6,044 adults, 3,130 of whom were workers, and fieldwork was undertaken between May 6 and 12, 2016. Total sample size for 2015 was 4,265, 2,852 of whom were workers, and fieldwork was undertaken between 18th and 25th May 2015. The surveys were carried out online. The figures for each survey have been weighted and are representative of all adults (aged 18-plus) in each respective country (GB, France, and Germany).