9/22/2017
11:00 AM
Dark Reading

New Research from Intermedia Reveals a False Sense of Confidence Among Office Workers with Phishing Scams Still on the Rise

Despite continued education and awareness, one in five office workers continues to be a victim of costly phishing emails

Mountain View, CA – September 20, 2017 – Intermedia, a leading cloud business applications provider, today released Part 1 of its 2017 Data Vulnerability Report, which examines the security behavioral habits of more than 1,000 office workers in the United States.

Your employees are unknowingly granting hackers access

Despite organizations educating employees about cyber threats and security best practices, office workers continue to fall victim to attacks – and not just entry-level employees. Owners/executives (34%) and IT workers themselves (25%) report being victims of a phishing email more often than any other group of office workers.

Phishing, the process by which cyber criminals attempt to coerce email victims into making a financial transaction, disclosing login credentials or visiting a malware-laden website, is only getting worse as attacks become increasingly sophisticated and fool more and more employees into revealing critical company data. In fact, last year total phishing attacks surpassed 1.2 million – a year-over-year increase of 65%. According to the FBI, business-email compromise scams accounted for more than $5 billion in losses for businesses between October 2013 and December 2016.

With the recent Equifax breach, highly personal information was taken from up to 143 million individuals including names, birth dates, addresses, Social Security numbers, and drivers’ license numbers. Now there’s that much more ammunition out there to help scammers launch targeted phishing scams, impersonating someone within the organization or a trusted friend.

Phishing attacks have dramatically increased, but education efforts have not

In addition, while 70% of office workers say that their organization regularly communicates with employees about cyber threats as a means of prevention, significant gaps between confidence and effectiveness remain:

  • Security trainings are breeding a high level of confidence: 86% of office workers report that they feel confident in their ability to detect phishing emails.
  • Yet phishing techniques still fool office workers: Roughly one in five employees (21%) admit to being victims of phishing emails, and those are just the employees who admit it. Nearly a quarter of Gen X office workers (23%) and Boomer-aged office workers (23%) say they have been the victim of a phishing email, compared to 17% of millennial office workers.

While the number of attacks has dramatically increased in the past two years, employee training has not. Ryan Barrett, Intermedia’s Vice President of Security and Privacy, elaborates: “Today’s rapidly changing threat landscape makes it more important than ever for companies to educate employees on new types of cyberattacks and vulnerabilities. Take the recent Equifax breach, for example, which is by far the most invasive when you consider the sheer amount of sensitive personal data that’s been accessed. This incident further arms scammers and hackers with information to craft exceptionally compelling, targeted phishing attacks. At this point, businesses should assume that bad actors are going to try to use this information to gain access to their systems.”

According to Intermedia’s 2015 Insider Risk Report, 72% of office workers said they had received training on their company’s security practices, compared to 70% in this year’s report. While employees are receiving training, the frequency and type of training aren’t comprehensive enough.

Barrett continues, “It is no longer enough to just talk to employees about these threats, as this type of education can actually lead to a false sense of security, as our latest study shows. Instead, companies need to offer regular interactive IT security trainings, simulate security incidents to help employees detect and prevent cyberattacks, and talk about the risks when big data breaches are in the news. While office workers are confident in their skills, they still are susceptible to breaches, and organizations need to be doing more to protect themselves.”

Part 1 of Intermedia’s 2017 Data Vulnerability Report tests the validity of employee confidence and awareness around phishing attacks. The report provides tips and advice about what companies should do to better protect themselves against future threats before costly compromises ever occur, including the need to offer their employees a reliable, affordable, and easy-to-manage solution.

This is the first part of an ongoing series. Parts 2 and 3 of this report will look at the financial implications of ransomware as well as data loss from employees’ actions within an organization. You can view Part 1 of the report, as well as sign up for series alerts, here.

Survey Methodology

This study was commissioned by Intermedia and delivered by Precision Sample®, an independent market research organization. Precision Sample has an active proprietary panel of over 3.5M respondents that is routinely validated with a stringent screening process including Verity® and RelevantID by Imperium®. Results were derived from an 11-minute online survey instrument with 45 total questions, fielded June 1-5, 2017. Setup questions were used to ensure that only U.S. knowledge workers, defined as those who routinely work in an office environment, were in the sample. The overall margin of error is +/- 2.95% at a 95% confidence interval.

 

About Intermedia

Intermedia integrates the essential IT applications that companies need to do business, including email, voice, backup and file sharing, productivity, identity and access management, security and archiving – all delivered by a single provider and integrated into one control panel. Intermedia services offer enterprise-grade security, a 99.999 percent uptime service level agreement and J.D. Power-certified 24/7 support.

 

With more than $200 million in annualized revenue, Intermedia’s 800+ employees serve more than 110,000 business customers and 6,500 active partners, including VARs, MSPs, distributors and telecoms. Its Partner Program lets partners sell under their own brand with control over billing, pricing and other elements of their customer relationships. Intermedia is the world’s largest independent provider of Exchange email in the cloud and a leading cloud voice service provider. For more information, visit Intermedia.net or connect with us on Twitter, Facebook or LinkedIn.

 

Contacts

Melanie Lombardi
Intermedia
650.285.5857

 

Katie Halloran
LEWIS for Intermedia
619.308.5222
