The investigation also concluded that employees in management positions handle malicious emails worse than employees in lower and middle positions
Despite the significant efforts many American organizations have made to raise their employees' awareness of information security issues, recent research shows that many areas still need to be strengthened.
According to the annual report on the state of privacy and security by a cybersecurity and digital forensics firm, 75% of the employees surveyed present a moderate or serious risk to their organization's data security, while 85% of workers in financial roles lack sound data security and privacy habits and knowledge.
Tom Pendergast, the digital forensics specialist in charge of the investigation, notes that more than 1,000 employees of companies in the United States were surveyed to quantify the state of privacy and security awareness in 2018. This year, the number of people considered a risk to their organization's security increased considerably compared with the firm's previous report, published last year.
“Overall, the results show an unsatisfactory trend, as respondents got worse results in all areas compared to the previous year,” says Pendergast. “Still, I would be really surprised if, in five years, there is no significant improvement. There is growing cultural and business awareness of the need to cover the privacy of information,” the expert adds.
The firm built its study on a variety of questions drawn from real-world cases, such as correctly identifying personal information, habits around connecting to public WiFi, and detecting phishing emails. Based on the answers obtained, respondents were divided into three risk categories: risky, rookie and heroic.
Among the main findings of the research are:
- Respondents’ performance was worse this year in every category measured. Their scores were unsatisfactory in categories such as identifying malware, spotting phishing emails and recognizing the risks of using social networks
- Managers showed riskier habits than lower-level employees when it came to identifying malware and malicious emails. Only 69% of managers responded correctly, compared with 86% of lower-level employees
- Of the seven industry sectors surveyed, employees in finance roles obtained the lowest scores: 85% showed a worrisome lack of knowledge of cybersecurity and data protection measures
- 14% of all surveyed employees cannot identify phishing emails
For the digital forensics specialists at the International Institute of Cyber Security, this 14% of unaware employees is more than enough for hackers to find a way into an organization, because a single mistake can let malware into a company's infrastructure. It takes only one person clicking in the wrong place for the threat to enter the organization, and if that happens, the information of everyone who works there will be compromised.