Think you can identify a suspicious email? If you answered “yes,” you might have a false sense of security against evolving cyber threats like ransomware. Overconfidence and other ransomware misperceptions could be opening your organization up to risk, according to survey findings released today by Veritas Technologies.
Employee Ransomware Misperceptions Revealed
More than two-thirds (68%) of non-IT employee respondents say they’re confident they can detect a phishing email that could lead to a ransomware infection. Notably, the youngest sample of respondents and presumably the most tech savvy, employees aged 18-24, aren’t as confident in their ability to spot a suspicious email as those age 25-44.
Regardless of their confidence level, the survey found that employees are still likely to open email, even when it seems suspicious, if it appears to come from a friend (63%) or colleague (63%). Similarly, questionable emails that appear related to employer benefits (60%), an online order (56%), or bank or credit card issuer (54%) also have a higher likelihood of being opened.
Employees say they look for signs like misspelled words (81%) or poor grammar (82%) to identify email phishing attempts, which have historically been telltale signs that messages come from hackers. The IT professionals included in the Veritas research, however, recognized in vast numbers (81%) that attackers now use AI to eliminate these giveaways.
IT Professionals Are Fighting Fire with Fire
The research also surfaced some encouraging steps many organizations are taking to protect their data against cyber threats. More than 80% of IT professionals report their organizations have invested more in technologies like AI to counter ransomware attacks.
Additionally, two-thirds (66%) say their organizations are implementing more frequent security audits. Stricter data access controls were also reported by 62%.
Other Research Findings
- Employees aren’t as concerned about ransomware as they should be. Not even half (only 49%) of employees are worried about opening the door to a ransomware attack through their work email. That said, nearly three-quarters (73%) of IT professionals report an increase in ransomware attacks against their organizations over the past six months.
- Employee training is the most popular defense, but is it enough? While 73% of IT professionals report having updated their employee security training, employees may not be getting better at spotting phishing attempts that could lead to ransomware. In fact, nearly one-third (30%) of IT professionals say they have not observed an increase in employee-reported ransomware attempts.
- Perception of hackers is evolving too slowly. The outdated assumption that hackers are basement-dwelling and socially awkward still lingers (53% of employees agree with that stereotype). However, most of today’s employees do correctly understand that hackers increasingly operate as part of large, international cybercrime organizations (79%).
Quote
Matt Waxman, senior vice president and general manager of data protection at Veritas, said: “In a world where entire online meetings can be falsified with deep-fake videos of senior executives to dupe employees, it’s concerning that many people still think phishing attempts are only going to come in the form of clumsily worded emails. This survey highlights the dangers of relying on employees to recognize ransomware attacks and the critical need for businesses to embrace their own AI-powered solutions to fight back.”
Survey Methodology
The surveys were conducted by Pollfish via online questionnaires during Q1 2024. The samples were 1,000 employed individuals aged 18+ in the US and 600 IT professionals aged 25 and older in the U.S.
