Attacks/Breaches

9/22/2017
11:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

New Research from Intermedia Reveals a False Sense of Confidence Among Office Workers with Phishing Scams Still on the Rise

Despite continued education and awareness, one in five office workers continue to be a victim of costly phishing emails

Mountain View, CA – September 20, 2017 – Intermedia, a leading cloud business applications provider, today released Part 1 of its 2017 Data Vulnerability Report, which examines the security behavioral habits of more than 1,000 office workers in the United States.

Your employees are unknowingly granting hackers access

Despite organizations educating employees about cyber threats and security best practices, office workers continue to fall victim to attacks – and not just entry-level employees. Owners/executives (34%) and IT workers themselves (25%) report being victims of a phishing email more often than any other group of office workers.

Phishing, the process by which cyber criminals attempt to coerce email victims into making a financial transaction, disclosing login credentials or visiting a malware-laden website, is only getting worse as attacks become increasingly sophisticated and fool more and more employees into revealing critical company data. In fact, last year total phishing attacks surpassed 1.2 million – a year-over-year increase of 65%. According to the FBI, business-email compromise scams accounted for more than $5 billion in losses for businesses between October 2013 and December 2016.

With the recent Equifax breach, highly personal information was taken from up to 143 million individuals including names, birth dates, addresses, Social Security numbers, and drivers’ license numbers. Now there’s that much more ammunition out there to help scammers launch targeted phishing scams, impersonating someone within the organization or a trusted friend.

Phishing attacks have dramatically increased, but education efforts have not

In addition, while 70% of office workers say that their organization regularly communicates with employees about cyber threats as a means of prevention, significant gaps between confidence and effectiveness remain:

  • Security trainings are breeding a high level of confidence: 86% of office workers report that they feel confident in their ability to detect phishing emails.
  • Yet phishing techniques still fool office workers: Roughly one in five employees (21%) admit to being victims of phishing emails, and those are just the employees who admit it. Nearly a quarter of Gen X office workers (23%) and Boomer-aged office workers (23%) say they have been the victim of a phishing email, compared to 17% of millennial office workers.

While the number of attacks has dramatically increased in the past two years, employee training has not. Ryan Barrett, Intermedia’s Vice President of Security and Privacy, elaborates: “Today’s rapidly changing threat landscape makes it more important than ever for companies to educate employees on new types of cyberattacks and vulnerabilities. Take the recent Equifax breach, for example, which is by far the most invasive when you consider the sheer amount of sensitive personal data that’s been accessed. This incident further arms scammers and hackers with information to craft exceptionally compelling, targeted phishing attacks. At this point, businesses should assume that bad actors are going to try to use this information to gain access their systems.”

According to Intermedia’s 2015 Insider Risk Report, 72% of office workers said they had received training on their company’s security practices, compared to 70% in this year’s report. While employees are receiving training, the frequency and type of training isn’t comprehensive enough.

Barrett continues, “It is no longer enough to just talk to employees about these threats, as this type of education can actually lead to a false sense of security, as our latest study shows. Instead, companies need to offer regular interactive IT security trainings, simulate security incidents to help employees detect and prevent cyberattacks, and talk about the risks when big data breaches are in the news. While office workers are confident in their skills, they still are susceptible to breaches, and organizations need to be doing more to protect themselves.”

Part 1 of Intermedia’s 2017 Data Vulnerability Report tests the validity of employee confidence and awareness around phishing attacks. The report provides tips and advice about what companies should do to better protect themselves against future threats before costly compromises ever occur, including the need to offer their employees a reliable, affordable, and easy-to-manage solution.

This is the first part of an ongoing series. Parts 2 and 3 of this report will look at the financial implications of ransomware as well as data loss from employees’ actions within an organization. You can view Part 1 of the report, as well as sign up for series alerts, here.

Survey Methodology

This study was commissioned by Intermedia and delivered by Precision Sample®, an independent market research organization. Precision Sample has an active proprietary panel of over 3.5M respondents that is routinely validated with a stringent screening process including Verity® and RelevantID by Imperium®. Results derived from an 11-minute online survey instrument with 45 total questions, fielded June 1-5, 2017. Setup questions were used to ensure that only U.S. knowledge workers were in the sample, which was defined as those who routinely work in an office environment. Overall margin of error of +/- 2.95% at a 95% confidence interval.

 

About Intermedia

Intermedia integrates the essential IT applications that companies need to do business, including email, voice, backup and file sharing, productivity, identity and access management, security and archiving – all delivered by a single provider and integrated into one control panel. Intermedia services offer enterprise-grade security, a 99.999 percent uptime service level agreement and J.D. Power-certified 24/7 support.

 

With more than $200 million in annualized revenue, Intermedia’s 800+ employees serve more than 110,000 business customers and 6,500 active partners, including VARs, MSPs, distributors and telecoms. Its Partner Program lets partners sell under their own brand with control over billing, pricing and other elements of their customer relationships. Intermedia is the world’s largest independent provider of Exchange email in the cloud and a leading cloud voice service provider. For more information, visit Intermedia.net or connect with us on TwitterFacebook or LinkedIn.

 

Contacts

Melanie Lombardi
Intermedia
650.285.5857
[email protected]

 

Katie Halloran
LEWIS for Intermedia
619.308.5222
[email protected]

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
Jai Vijayan, Freelance writer,  7/10/2018
Major International Airport System Access Sold for $10 on Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  7/11/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Cyberspace is much less secure than my old lamp.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14346
PUBLISHED: 2018-07-17
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).
CVE-2018-14347
PUBLISHED: 2018-07-17
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).
CVE-2018-13858
PUBLISHED: 2018-07-17
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.
CVE-2018-13859
PUBLISHED: 2018-07-17
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newV...
CVE-2018-13860
PUBLISHED: 2018-07-17
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=_0" or "?oid...