Employees easy bait for phishing attacks

Office workers are putting organizations at risk by being overly trusting of online scammers, according to new research from global security software firm Avecto.

After questioning 1,000 people whose jobs require them to use the internet on a daily basis, the company revealed 65% of workers would be wary of clicking a link in an email from an unknown sender. However, if that email appeared to be from a colleague, supplier, or friend, over 68% would have no concerns about downloading content or clicking on links. This highlights a security risk that attackers often exploit with ease, manipulating human behavior to encourage employees to reveal confidential information or allow access into the wider business network.

The research also found a worrying level of security ignorance among respondents using social media. Over 37% of workers said they take no action to check or verify the identity of people they are connecting with online.

Avecto’s findings come as instances of phishing attacks reach new heights. It’s estimated that more than 90% of cyber attacks and resulting breaches in 2016 stemmed from a spear phishing email.

Andrew Avanessian, Vice President at Avecto, said:

“Social engineering and phishing isn’t a new phenomenon, it’s tried, tested and incredibly lucrative. What is surprising however is the ingenuity with which hackers will try and deceive their victims, finding new and ever more sophisticated ways of getting hold of personal information.

“These findings underline just how far we have to go before we can realistically eradicate these threats. User education is nowhere near where it should be and that, ultimately, is fatally undermining enterprise security. It’s often said that humans are the weakest link in the security chain and organizations must act now to plug this knowledge gap.”

Cyber security consultant and sociologist Dr Jessica Barker added:

“People are susceptible to social engineering because these attacks exploit social norms and human nature, including reciprocity, curiosity and pride. As we become increasingly connected – at work, at home and intertwining the two – the opportunities and impacts of social engineering are increasing.

“Threats don’t just exist outside an organization, neither are they always perpetrated by some malevolent third party, sometimes they lie a lot closer to home.”  

For more information on social engineering and how to make sure you don’t become a victim, catch up on Avecto’s webinar with Dr Jessica Barker or download the “Know your threats: Social engineering” report.