New Research Exposes Lack of Phishing Consciousness and Data Safety Training

There is a generally held opinion amongst IT staff that workers are the main data safety risk; nevertheless, when it comes right down to phishing, even IT safety staff aren’t protected. According to a latest survey by Intermedia, one-fourth of IT employees confessed to falling for a phishing racket, compared to one fifth office employees (21 percent), and 34 percent of business owners and high-execs.

For its 2017 Data Susceptibility Statement, Intermedia surveyed over 1,000 full-time employees and asked queries about data safety and the manners that can result in data breaches, ransomware, and malware attacks.

When all it takes is for one worker to fall for a phishing electronic mail to undermine a computer network, it’s shocking that 14% of office employees either lacked self-confidence in their capability to notice phishing attacks or were not conscious about phishing.

Self-confidence in the capability to notice phishing rackets was usually high among office employees, with 86% thinking they might identify phishing emails, even though awareness of illegal computer software was found to be missing, particularly among female employees. 40% of female employees didn’t know what ransomware was, as compared to 28% of male employees. 31% of respondents stated they didn’t know what illegal computer software was before partaking in staff training periods.

The survey exposed security consciousness training was missing at many companies. 30% of office employees said they didn’t get regular training on the method to cope with cyber dangers. Although the threat level has increased considerably in the last two years, several businesses haven’t replied. The 2015 data susceptibility report indicates 72% of businesses repeatedly conveyed cyber threat information to workers and offered regular teaching, however in 2017 little has altered. Just 70% of businesses offer threat information and regular training to workers. 11% of businesses provided no security training at all.

The lately circulated Global Condition of Security Analysis by Pricewaterhouse Coopers that was carried out internationally on 9,500 executives in 122 countries indicates the fraction of businesses that don’t provide safety consciousness training might well be far more – 48% of responders to that analysis said they have no worker safety consciousness training program ready.

Several Employees Pay Redemptions Individually

Among the most remarkable insights into ransomware attacks on companies from the Intermedia study was several workers are so nervous and worried about installing illegal computer software that they pay the redemption demand out of their own wallet.

Out of the office employees that had faced a ransomware attack, 59% individually paid the redemption. 37% said the redemption was paid by their company. The average redemption payment was $1,400. The redemption was usually paid swiftly in the expectation that data might be reestablished before anybody else found out regarding the attack.

Although workers were not questioned whether they would be made to pay the redemption by their companies, paying the redemption swiftly to avoid anybody discovering the attack is not likely to work. Even when the redemption is paid, companies still experience substantial downtime. The same analysis also shows one in five redemption payments will not get workable decryption keys delivered by the attackers.