†Intermedia, a leading cloud business applications provider, released Part 1 of its†2017 Data Vulnerability Report, which examines the security behavioral habits of more than 1,000 office workers in†the United States.
Your employees are unknowingly granting hackers access
Despite organizations educating employees about cyber threats and security best practices, office workers continue to fall victim to attacks – and not just entry-level employees. Owners/executives (34%) and IT workers themselves (25%) report being victims of a phishing email more often than any other group of office workers.
Phishing, the process by which cyber criminals attempt to coerce email victims into making a financial transaction, disclosing login credentials or visiting a malware-laden website, is only getting worse as attacks become increasingly sophisticated and fool more and more employees into revealing critical company data. In fact, last year total phishing attacks†surpassed 1.2 million†– a year-over-year increase of 65%.†According to the FBI, business-email compromise scams accounted for more than†$5 billion†in losses for businesses between†October 2013†and†December 2016.
With the†recent Equifax breach, highly personal information was taken from up to 143 million individuals including names, birth dates, addresses, Social Security numbers, and drivers’ license numbers. Now there’s that much more ammunition out there to help scammers launch targeted phishing scams, impersonating someone within the organization or a trusted friend.
Phishing attacks have dramatically increased, but education efforts have not
In addition, while 70% of office workers say that their organization regularly communicates with employees about cyber threats as a means of prevention, significant gaps between confidence and effectiveness remain:
- Security trainings are breeding a high level of confidence:†86% of office workers report that they feel confident in their ability to detect phishing emails.
- Yet phishing techniques still fool office workers:†Roughly one in five employees (21%) admit to being victims of phishing emails, and those are just the employees who admit it. Nearly a quarter of Gen X office workers (23%) and Boomer-aged office workers (23%) say they have been the victim of a phishing email, compared to 17% of millennial office workers.
While the number of attacks has dramatically increased in the past two years, employee training has not.†Ryan Barrett, Intermedia’s Vice President of Security and Privacy, elaborates: “Today’s rapidly changing threat landscape makes it more important than ever for companies to educate employees on new types of cyberattacks and vulnerabilities. Take the recent Equifax breach, for example, which is by far the most invasive when you consider the sheer amount of sensitive personal data that’s been accessed. This incident further arms scammers and hackers with information to craft exceptionally compelling, targeted phishing attacks. At this point, businesses should assume that bad actors are going to try to use this information to gain access their systems.”
According to Intermedia’s†2015 Insider Risk Report, 72% of office workers said they had received training on their company’s security practices, compared to 70% in this year’s report. While employees are receiving training, the frequency and type of training isn’t comprehensive enough.
Barrett continues, “It is no longer enough to just talk to employees about these threats, as this type of education can actually lead to a false sense of security, as our latest study shows. Instead, companies need to offer regular interactive IT security trainings, simulate security incidents to help employees detect and prevent cyberattacks, and talk about the risks when big data breaches are in the news. While office workers are confident in their skills, they still are susceptible to breaches, and organizations need to be doing more to protect themselves.”
Part 1 of Intermedia’s 2017 Data Vulnerability Report tests the validity of employee confidence and awareness around phishing attacks. The report provides tips and advice about what companies should do to better protect themselves against future threats before costly compromises ever occur, including the need to offer their employees a†reliable, affordable, and easy-to-manage solution.
This is the first part of an ongoing series. Parts 2 and 3 of this report will look at the financial implications of ransomware as well as data loss from employees’ actions within an organization.†
Survey Methodology
This study was commissioned by Intermedia and delivered by Precision Sample, an independent market research organization. Precision Sample has an active proprietary panel of over 3.5M respondents that is routinely validated with a stringent screening process including Verity and RelevantID by Imperium. Results derived from an 11-minute online survey instrument with 45 total questions, fielded†June 1-5, 2017. Setup questions were used to ensure that only U.S. knowledge workers were in the sample, which was defined as those who routinely work in an office environment. Overall margin of error of +/- 2.95% at a 95% confidence interval.
About Intermedia
Intermedia integrates the essential IT applications that companies need to do business, including email, voice, backup and file sharing, productivity, identity and access management, security and archiving – all delivered by a single provider and integrated into one control panel. Intermedia services offer enterprise-grade security, a 99.999 percent uptime service level agreement, and J.D. Power-certified 24/7 support.
With more than†$200 million†in annualized revenue, Intermedia’s 800+ employees serve more than 110,000 business customers and 6,500 active partners, including VARs, MSPs, distributors, and telecoms. Its Partner Program lets partners sell under their own brand with control over billing, pricing and other elements of their customer relationships. Intermedia is the world’s largest independent provider of Exchange email in the cloud and a leading cloud voice service provider.†