Phishing attacks are on the rise, and employees at all levels of the enterprise are falling victim, according to Intermedia's 2017 Data Vulnerability Report, released on Wednesday.
Entry-level employees—commonly blamed for cyber breaches—are not the only ones at fault, the report found: 34% of executives/owners and 25% of IT workers themselves report being victims of a phishing email, more often than any group of office workers.
Phishing attacks surpassed 1.2 million last year—a year-over-year increase of 65%, according to a report from APWG. These attacks are becoming increasingly sophisticated, the report noted, and are more successful at tricking employees into clicking on a malicious link or download.
In response, companies are increasingly offering cybersecurity trainings to employees: 70% of office workers surveyed said that their organization regularly communicates with employees about cyber threats as a means of prevention, according to the report. These trainings appear to be working, as 86% of office workers said that they feel confident in their ability to detect phishing emails. However, 21% of employees report that they fell victim to one of these email attacks. Gen X employees (23%) as well as Baby Boomer employees (23%) were more likely to say they had faced a phishing attack than millennial workers (17%).
SEE: Information security incident reporting policy (Tech Pro Research)
"Today's rapidly changing threat landscape makes it more important than ever for companies to educate employees on new types of cyberattacks and vulnerabilities," Ryan Barrett, Intermedia's vice president of security and privacy, said in a press release.
The recent Equifax breach and the information accessed from it further arms scammers and hackers with information to craft targeted phishing attacks, Barrett added. "At this point, businesses should assume that bad actors are going to try to use this information to gain access their systems," he said in the release.
The report findings demonstrate that it's no longer enough to just talk to employees about security threats, Barrett said in the release.
"This type of education can actually lead to a false sense of security, as our latest study shows," he said. "Instead, companies need to offer regular interactive IT security trainings, simulate security incidents to help employees detect and prevent cyberattacks, and talk about the risks when big data breaches are in the news. While office workers are confident in their skills, they still are susceptible to breaches, and organizations need to be doing more to protect themselves."
You can learn more about how to better train employees on cybersecurity here.
Want to use this data in your next business presentation? Feel free to copy and paste these top takeaways into your next slideshow.
- 34% of executives/owners and 25% of IT workers themselves report being victims of a phishing email, more often than any group of office workers. -Intermedia, 2017
- 86% of office workers said that they feel confident in their ability to detect phishing emails. -Intermedia, 2017
- 21% of employees report that they fell victim to one of these email attacks. -Intermedia, 2017
- Why SMBs are at high risk for ransomware attacks, and how they can protect themselves (TechRepublic)
- AI, IoT and the end of Moore's Law add to US national security worries (ZDNet)
- 4 questions businesses should be asking about cybersecurity attacks (TechRepublic)
- Gmail fake Docs attack: Now Google tightens OAuth rules to block phishing (ZDNet)
- Lunch and learn: Dealing with the risks of identity theft (Tech Pro Research)
Alison DeNisco Rayome is a Staff Writer for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.