Employees unlikely to report phishing schemes

As the world of hacking and cybercrime becomes more involved and complex, many of us forget about the humble phishing scam. However, employees opening this kind of email and interacting with it in some way remains one of the biggest threats to business. This is why 80% of organisations now have a process that employees should use to report phishing emails. But a survey of over 200 IT professionals at this year’s InfoSecurity Europe found that most employees simply don’t report these emails.

The numbers

The figures from the survey indicate that half of those questioned thought that fewer than 25% of these kinds of emails were being reported. This will come as quite a shock to most employers, many of whom are all too aware of the dangers posed by naïve or careless employees presented with a phishing email. 64% believe that email is the weakest entry point that could potentially allow hackers a way in. More worryingly, Software Advice research found that only 36% of employees felt they could recognise and resist a phishing attack, and 39% say they have already opened a suspicious email.

Employees are key

Most phishing emails are designed to avoid being detected by spam filters and anti-phishing software, and as the detection methods become more advanced, so too do the ways of bypassing them. Well-educated and aware employees are one of the key elements in the fight against cybercrime, and encouraging employees to use the reporting procedures in place is central to business digital security and to infrastructure and security management. Employees might be taken in by an email, or they might have such a full inbox that it’s just not a priority to stop and think when time is of the essence. Both are potential reasons for the worrying statistics above.

The consequences

Phishing emails normally contain malware, and once this type of program is allowed onto a computer, it opens the door to the rest of the network. This can have widespread repercussions that go way beyond a single compromised computer.

Although the ideal situation is for employees never to fall for a phishing scam, we don’t live in an ideal world. If employees are, at least, reporting these emails, then IT teams are aware of them and can start looking for other entry points and act fast to deal with any consequent issues. Backing up your security by adding quality network and security management can also provide peace of mind in the face of human error.