Webroot Report: Nearly Half of Employees Confess to Clicking Links in Potential Phishing Emails at Work

BROOMFIELD, Colo., Sept. 24, 2019 /PRNewswire/ -- Webroot, a Carbonite (CARB) company, released a report, Hook, Line and Sinker: Why Phishing Attacks Work, that sheds light on psychological factors impacting an individual's decision to click on a phishing email. Executed in partnership with Wakefield Research, the report surveyed 4,000 office professionals from the U.S., U.K., Japan and Australia (1,000 per region) to determine what people know about phishing tactics, what makes them click on a potentially malicious link and other security habits.

While a majority (79%) of people reported being able to distinguish a phishing message from a genuine one, nearly half (49%) also admitted to having clicked on a link from an unknown sender while at work. Further, nearly half (48%) of respondents said their personal or financial data had been compromised by a phishing message. However, of that group, more than a third (35%) didn't take the basic step of changing their passwords following a breach. Not only is this false confidence potentially harmful to an employee's personal and financial data, but it also creates risks for companies and their data.

There is no foolproof way to prevent being phished, but taking a layered approach to cybersecurity, including ongoing user training, will significantly reduce risk exposure. As Forrester points out in its report, Now Tech: Security Awareness and Training Solutions, Q1 2019, "your workforce should treat cybersecurity awareness with the same importance they use for ensuring that their projects, products, and messages are on key with company brand. Invest in solutions that weave security best practices throughout your corporate culture."

Read the Full Webroot Report: Hook, Line and Sinker: Why Phishing Attacks Work

Notable Findings:

Employees are falsely confident when it comes to knowledge of phishing

79% of participants say they can distinguish a phishing message from a genuine one

81% of participants are aware that phishing attempts can occur through email, but fail to recognize the many other ways hackers conduct phishing attacks:

60% of participants believe phishing attempts can come through social media

59% of participants believe phishing can come via text or SMS messages

43% of participants believe that phishing attempts are made via phone calls

Only 22% believe phishing attempts can come through video chat

Nearly half (48%) of participants say they have had their personal or financial data compromised, but many fail to take basic cyber hygiene action following that exposure

In the wake of a data exposure, only:

65% of participants changed their passwords, meaning 35% did not change their password

48% of participants ordered a new credit card

43% of participants set up alerts with their credit agency

Security habits leave businesses vulnerable

Nearly half (49%) of participants admit to clicking on a link from an unknown sender while at work, with nearly one third of respondents overall (29%) admitting to doing so more than once

Of those who clicked a link from an unknown sender at work:

A majority (74%) did so via email

34% clicked on links via social media

29% clicked on links sent via text or SMS

Of the 67% of respondents who know they've received a phishing message at work, 39% did not report it

Employees are more click happy outside of work

In a typical day when not working, 70% of employees are likely to click on at least one link received via email

31% of participants click on more than 25 personal-life links a day

56% of participants are more likely to click on a link or open an attachment from an unknown source on their personal computer

Nearly two-thirds of respondents (60%) are most likely to open an email from their boss first, compared to:

55% who would first open a message from a family member or friend

31% who would first open a request from their bank to confirm a transaction

28% of people would first open a message with a discount offer from a store

Key Quote:
George Anderson, Product Marketing Director, Webroot, a Carbonite Company
"Phishing attacks continue to grow in popularity because, unfortunately, they work. Hackers and criminals weaponize the simple act of clicking and employ basic psychological tricks to inspire urgent action. It is vital that consumers educate themselves on how to protect both their personal and financial data and what steps to take if their information is compromised or stolen.

"For businesses that means implementing regular simulated phishing and external attacks that address the various ways hackers attempt to breach organizations through their users. By combining the latest detection, protection, prevention and response technology with consistent attack training and education, IT Security departments can tackle the people, process and technology combinations needed to successfully mitigate attacks."

Key Quote:
Cleotilde Gonzalez, Ph.D., Research Professor, Carnegie Mellon University
"Security and productivity are always in a tradeoff. People put off security because they are too busy doing something with a more 'immediate' reward. These findings illuminate the pertinent need for a mindset makeover, where the longer-term reward of security doesn't get put on the back burner."

Additional Resources:

Webroot Security Awareness Training

Webroot's 2019 Annual Threat Report

Phishing: Don't Take the Bait

'Smishing': An Emerging Trend of Phishing Scams via Text Messages

Just Keep Swimming: How to Avoid Phishing on Social Media

SOURCE Webroot

Related Links

http://www.webroot.com
