Getting savvy on cyber-crime
Agovernment report published earlier this year found that just under half of UK businesses were affected by a cyber-attack in 2016, and that the most common type of attack was fraudulent e-mails, responsible for 72 per cent of attacks.
Increasingly, sophisticated phishing campaigns pose one of the most serious risks to businesses. Our own research into global cyber security trends has found that one in five workers (some 19 per cent) are not sure they could identify a phishing e-mail and this rises to a third on social media (32 per cent).
It is therefore of some concern that staff training to reduce this risk is thin on the ground, leaving many unable to prevent, identify or respond to an attack.
Large businesses in the UK can expect to face more than 80 cyber-attacks each year, with one in three breaching security. It’s therefore no surprise that companies are investing more than ever in security solutions. However, it is becoming clear that no matter how much they spend, businesses that fail to educate staff about cybersecurity put themselves at greater risk of being hacked.
Effective investment will not only enable practical solutions like stronger spam filters, cloud-based e-mail analytics, virus scanners and firewalls.
It will also ensure employees have the tools they need to recognise threats, including phishing scams, through prevention training and awareness programmes.
Ultimately, an organisation’s security is only as strong as its weakest link, which in many cases could actually be its own workforce.
Surveying some 2,000 people in the workplace, we found that more than half (about 55 per cent) cannot recall ever receiving training on cyber threats from their employer.
Some 46 per cent said they either can’t recall ever updating security software on their work device or haven’t been prompted to do so. Worryingly, too, one in four of those people surveyed would take more than an hour to escalate an issue if they suspected a cyber risk on their work device.
Yet, about 70 per cent of those who had received training said it improved their ability to recognise and respond to cyber threats, and one in four (around 23 per cent) thought training was the most effective protection against phishing and scams, more so than the police and authorities doing more to hunt hackers (4 per cent).
There is now pretty clear evidence that many companies’ workforces are becoming savvier on cyber issues, but clear areas of exposure remain.
The latest data outlined above suggests that some basic training for workers could have a huge impact on security, making this a missed opportunity for businesses. ● Rick Hemsley is the managing director at Accenture Security