Nearly half of UK employees are unable to identify scam emails, according to new research
New research has revealed nearly half of employees across the UK are unable to identify a scam email purporting to be from Royal Mail.
The survey was conducted in response to common scams circulating in the UK to better understand employee awareness of online security threats and popular attack methods.
These findings come at a time when cybercriminal activity is rife, with the average business targeted 28 times by cyber threats in the past year. And with nearly half of large organisations suffering network downtime lasting longer than one day due to phishing attacks, it’s clear businesses need to ensure staff are educated on risky IT behaviours that can lead to security compromises.
In fact, the survey reveals many employees are unaware of common terms related to cyber threats, with 50% revealing they had never heard of the term DDoS (distributed denial-of-service) and 60% saying they had no knowledge of BEC (business email compromise). This demonstrates a clear need for organisations to cut the jargon when it comes to educating employees on cybersecurity.
Matt Aldridge, Principal BrightCloud Threat Intelligence Solutions Consultant at OpenText Security Solutions, comments, “Security awareness is critically important for all organisations, as the employee is always the first line of defence in cyber security.
There’s no use investing in sophisticated cyber security software if employees click on dangerous phishing links and grant cyber-criminals access to the business network or to confidential data. It’s like turning on a fancy home security alarm, but leaving a window open — you’ll be left playing catch-up after the bad guys get in.
To ensure cyber resilience, employees need to be educated on the latest risks as soon as they are discovered – whether that’s the Royal Mail scam or the multitude of other threats. Organisations can achieve this by using templated phishing simulations that are reflective of the latest emerging scams. These should be implemented alongside strong and robust communication to employees and adequate technical defenses, all of which will help to ensure cyber resilience.”
Additional findings show over a quarter of employees in the UK have never completed any form of cyber risk training. Furthermore, seven in ten employees indicated they would be worried about reporting to their boss that they had compromised the security of their company. These findings indicate many UK organisations need to change their attitudes towards cybersecurity in order to improve employee vigilance.