Within the IT community, and amongst the teams at Loop Secure and Proofpoint, phishing, ransomware and vishing are terms that are widely known and understood. However, end consumers and users may be completely unaware of them.
In the Proofpoint 2020 User Risk Report titled ‘The Proofpoint 2020 State of the Phish’, Proofpoint surveyed 3,500 employed adult professionals on an international scale to better understand their knowledge of security awareness and security-related issues. The countries surveyed included the United States, Australia, France, Germany, Japan, Spain and the UK.
The results were somewhat concerning, as it became clear that many users are not aware of some of the basic security terms or risks that could impact them as employees or their wider organisation. For example, 61% of users knew and could accurately define the term ‘phishing’ and understood what the actual risk to the business was. This is comparatively low: it means that 39% of the people surveyed wouldn’t be able to identify a phishing attack if it targeted them. Even fewer of those surveyed understood the terms or impacts of ransomware, smishing and vishing.
It’s essential to understand where your users are at in order to effectively educate them on security over the long term. The recent 2020 survey showed that 16% of users are using the same 1 to 2 passwords for every account, demonstrating the ease with which that data could become compromised, which could significantly impact employers and organisations.
Additionally, the report found that 32% of users don’t know what a VPN is and 10% of users don’t lock their smartphone, indicating that awareness of security risks and education on preventative methods are not widespread on a global level. This leaves small, medium and large enterprises open to attack on multiple levels, with many employees not valuing the protection of their devices, sites and applications.
Another interesting finding is that many employees will share their password data inside and outside of the workplace, with more than half of employees permitting friends and family to utilise corporate devices for personal use. Again, this leaves organisations and IT leadership in a precarious situation and open to being a target for cyber-attack.
On a positive note, each year that Proofpoint has facilitated this survey, awareness levels have increased. Approximately 95% of organisations had some kind of security awareness program in place according to the 2020 survey, which indicates progress on many levels. However, it’s still an area that operates in a vacuum, usually disconnected from other departments.
Given that about 99% of security attacks require the user to take some kind of action in order to be successful, checking a compliance box once a year is not going to cut it when it comes to eliminating risk and protecting your organisation and its staff from cyber-attacks like phishing. Security needs to be prioritised as a key protective measure, on a continual basis.
Loop Secure and Proofpoint know that the most effective form of cybersecurity protection is through awareness and training, with an educated workforce at the frontline of cybersecurity defence, armed with tools such as Proofpoint’s email reporting add-in.
To learn more, join us on Tuesday the 18th of August at 12.30pm on our webinar "Managing the Human Element of Risk through Cybersecurity Awareness Training".