Cybersecurity experts at KnowBe4 released a new report early last week detailing the cybersecurity education of the workforce in the United States. The report found that 45 percent of Americans claim that they aren’t responsible for cybersecurity because they work in departments other than IT. Further, one in five Americans say that they believe cybersecurity is too complicated to understand. This study was conducted in tandem with another study, whose results showed that 31 percent of Americans say they don’t think they can protect themselves against a cyberattack.
A new study was recently carried out on the state of internet security among US employees. The study was conducted by KnowBe4, a provider of simulated phishing attacks, and surveyed more than 1,000 US employees. It shows that employees are being careless about internet security. According to the study, 24% believe clicking on an email is not risky, while only 31% believe they are at risk of security threats by sharing work devices with friends and family. More than half (52%) think that they are safe from being targeted by cybercriminals. These are all possible security threats that can be easily prevented by using simulated phishing emails.
In reality, however, employees are the first line of defense for virtually all companies these days. A variety of experts say that cybersecurity awareness training is essential for every organization, as the majority of attacks start with a phishing email or a social media-borne fraud attempt.
The survey showed that there is still a steep learning curve for many organizations when it comes to cyberattacks. The most common social engineering attacks that employees fall victim to are phishing, spear phishing, and vishing (phone phishing). Phishing involves sending an email that appears to be from a known entity in hopes that the recipient will click on a link and divulge sensitive data. Spear phishing uses specific details to fool employees. Vishing is done over the phone and usually involves a caller pretending to be an IT technician or a representative of a company. KnowBe4’s survey also showed that employees still fall for phishing attacks constantly. This should not be surprising, as these attacks are still wildly successful.
Those working in government, healthcare and education have the poorest understanding of social engineering threats, the report said.