Only 37% of IT Pros Concerned About Phishing


Data breaches hit the headlines last year, but they have seemingly had little impact on how IT decision makers view the risks to their organisations.

According to new research from KnowBe4, less than four in ten (37 percent) Australian IT decision-makers say they are concerned about phishing as a risk to their organisation, compared with almost the same number (38 percent) in 2021.

Even fewer are concerned about Business Email Compromise (BEC) – 27 percent compared with 28 percent in 2021. 

Alarmingly, less than four in ten (37 percent – 42 percent in 2021) IT decision makers say they are confident they would know the steps they would need to take following a cyber incident or data breach in their organisation. 

Furthermore, just four in ten Australian IT decision makers believe the employees in their organisations understand the business impact of falling victim to a cyber attack (42 percent – 40 percent in 2021), are confident their employees can identify phishing and BEC emails (38 percent – 42 percent in 2021), and that their employees report all emails they believe to be suspicious (38 percent – 39 percent in 2021). 

Jacqueline Jayne, Security Awareness Advocate for APAC at KnowBe4, is concerned: “When those charged with keeping a business secure are unaware of the risks and employees are unable to identify scam emails and SMS messages, their organisations are at significant risk. According to the ACCC, Australians lost a record $424.8 million to scams from January to September 2022 (up a massive 90 percent over the same time the previous year). If those in charge of security are unaware of best practices, then they cannot educate and train employees.”

Employees’ behaviour putting organisations at risk 

Fortunately, the recent data breaches do seem to have improved employees’ password hygiene. A quarter (26 percent) of Australian office workers admit to using the same password for more than one account, significantly fewer than the 34 percent recorded in 2021.

However, that’s where the good news ends. Employees of all ages are engaging in risky behaviour, with more than one in ten admitting to using their work email address (13 percent) and their work phone (16 percent) for personal activities. Three in ten (30 percent) don’t believe using their work email for personal activity is a security risk to their employer. 

Only just over half say they never engage with suspicious emails (56 percent – 57 percent in 2021) and suspicious SMSs (54 percent – 57 percent in 2021), with only four in ten (40 percent, the same as in 2021) saying they always report suspicious emails and SMSs to the IT team responsible for cybersecurity. 

“When employees are using their work email address for personal activities such as online shopping, they are much more likely to fall victim to a phishing attack that uses a hook such as delivery delays to entice the victim to click through. Having a clear separation between work and personal activities makes it much easier to spot when an email is a scam – if you know you never shop online using your work email address, then you know that email from Amazon cannot be real,” explains Jayne. 

“How employees perceive their role is a critical factor in sustaining or endangering the security of the organisation,” explains Jayne. “It is imperative that employees are educated on securing not only their professional, but personal environments. What they learn and how they incorporate it into everyday behaviours and attitudes is then completely transferable into their personal lives and will protect their own data.”

Younger employees are most risky 

The KnowBe4 research reveals that younger office workers may be at the highest risk of cyber attacks. They are more likely than their older counterparts to:

  • Engage with suspicious emails (Gen Z 62 percent and Millennials 51 percent, compared to Gen X 39 percent and Baby Boomers 21 percent)
  • Engage with suspicious SMSs (Millennials 55 percent, compared to Gen X 43 percent and Baby Boomers 24 percent)
  • Say they are not confident that they could identify suspicious emails (Gen Z 61 percent, Millennials 45 percent and Gen X 46 percent, compared to Baby Boomers 34 percent)