Nearly half of UK employees are unable to identify fraudulent emails

New research has revealed that almost half of employees across the UK are unable to identify a fraudulent email pretending to be from the Royal Mail.

The survey was conducted in response to common scams circulating in the UK to better understand employees’ awareness of online security threats and popular attack methods.

These results come at a time when cybercrime activity is widespread, with the average company targeted 28 times by cyber threats in the past year. With nearly half of large organizations suffering network downtime lasting longer than one day due to phishing attacks, it is clear that companies need to ensure that staff are trained to recognize the risky IT behaviors that can lead to security compromises.

In fact, the survey reveals that many employees are unaware of common terms related to cyber threats, with 50% revealing that they had never heard of the term DDoS (distributed denial-of-service) and 60% having no knowledge of BEC (business email compromise). This shows a clear need for organizations to cut the jargon when it comes to educating employees on cybersecurity.

Matt Aldridge, Principal BrightCloud Threat Intelligence Solutions Consultant at OpenText Security Solutions, comments: “Security awareness is crucial for any organization as employees are always the first line of defense in cybersecurity.

There is no point in investing in sophisticated cybersecurity software if employees click on dangerous phishing links and give cybercriminals access to corporate networks or to confidential data. It’s like lighting a fancy security alarm in your home, but leaving a window open – you’ll be left behind by playing catch-up once the bad guys have entered.

To ensure cyber resilience, employees need to be educated about the latest risks as soon as they are discovered – whether it’s the Royal Mail scam or the many other threats. Organizations can achieve this by using template-based phishing simulations that reflect the latest new scams. These should be implemented together with strong and robust communication to employees and adequate technical defense, all of which will help ensure cyber resilience.”

Further results show that over a quarter of UK employees have never completed any form of cyber-risk training. Furthermore, seven out of ten employees indicated that they would be concerned about reporting that they had compromised the safety of their company to their boss. These results indicate that many UK organizations need to change their attitudes towards cybersecurity in order to improve employee alertness.

