57% of office workers do not know what phishing means, according to latest study

57% of office workers do not know what phishing means, according to latest study

Over half (57%) of staff failed to correctly define a phishing attack, demonstrating a lack of basic cybersecurity awareness amongst office workers. That’s according to a new study by cybersecurity technology provider, Encore.

An independent study of 100 C-level executives, 100 Chief Information Security Officers (CISOs) and 500 office workers in the US and the UK, conducted by Censuswide, sought to uncover the gap that remains between boards and security teams when it comes to addressing cyber demands.

A massive 90% of C-Suite executives believe they provide adequate cyber awareness training, with 80% of staff agreeing, yet workforces are rife with poor cyber hygiene practices.

Over a third (36%) of employees still use the same password for both work and personal devices, and 37% use personal devices for work purposes.

“Poor cyber hygiene remains prominent across industries while organisations have been under the illusion that they’re providing adequate training, which has ultimately led to some of the worst – and most devastating – cyber breaches in recent years,” comments Lior Arbel, CTO at Encore. “Coverage of basic cyber requirements has never been greater, yet practices within organisations fail to align.”

Also Read: Top 3 Industries Vulnerable to Cyber Attacks

The risk that employees pose to the security of their business is understood by leaders, with the majority of executives polled (71%) confident that they deploy enough safeguards around their staff to ensure the business remains completely secure, even in the event of human error.

However, over a fifth (21%) remain unconvinced by the safeguards in place, and a further 8% believe that employees are of no risk at all.

“Despite hundreds of reported breaches making the headlines each year – often featuring news of an exploited user account or an exposed password – it’s concerning that nearly a third of organisations have insufficient defences around the workforce,” Arbel continues.

Arbel believes that too many businesses treat cybersecurity training as a tick-box exercise. As the cyber goalposts continue to shift, it’s a recurring challenge to keep training courses up-to-date.

Arbel concludes: “A strong cybersecurity strategy relies on trust. Business leaders trust that their staff are being well trained, and each individual trusts that their employers are providing them with all the knowledge and tools they need to align themselves with security requirements. However, a gap between perceptions and reality has formed – and it needs bridging immediately.”

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.