An alarming number of employees (42%) across the UK fail to identify scam emails from the Royal Mail, according to new research from OpenText Security Solutions (Webroot + Carbonite).
The ‘employee awareness of cyber risks’ research, conducted by Opinium Research and OpenText Security Solutions in March last year, found that 44% of large organisations suffer network downtime lasting longer than one day due to phishing attacks.
“Security awareness is critically important for all organisations, as the employee is always the first line of defence in cyber security,” said Matt Aldridge, principal BrightCloud threat intelligence solutions consultant at OpenText Security Solutions. “There’s no use investing in sophisticated cyber security software if employees click on dangerous phishing links and grant cyber-criminals access to the business network or to confidential data.
“It’s like turning on a fancy home security alarm, but leaving a window open — you’ll be left playing catch-up after the bad guys get in.”
The survey found that 50% of the 2,000 employees surveyed had never heard of the term DDoS, and 60% had no knowledge of BEC. Seven in ten employees also indicated they would be worried about reporting to their boss that they had compromised the security of their company.
“To ensure cyber resilience, employees need to be educated on the latest risks as soon as they are discovered – whether that’s the Royal Mail scam or the multitude of other threats,” Aldridge continued. “Organisations can achieve this by using templated phishing simulations that are reflective of the latest emerging scams.
“These should be implemented alongside strong and robust communication to employees and adequate technical defences, all of which will help to ensure cyber resilience.”
The findings come at a critical time when cybercriminal activity is increasing, with the average business targeted 28 times by cyber threats in the past year.