9/22/2017
11:00 AM
Dark Reading
Products and Releases

New Research from Intermedia Reveals a False Sense of Confidence Among Office Workers with Phishing Scams Still on the Rise

Despite continued education and awareness, one in five office workers continues to be a victim of costly phishing emails

Mountain View, CA – September 20, 2017 – Intermedia, a leading cloud business applications provider, today released Part 1 of its 2017 Data Vulnerability Report, which examines the security behavioral habits of more than 1,000 office workers in the United States.

Your employees are unknowingly granting hackers access

Despite organizations educating employees about cyber threats and security best practices, office workers continue to fall victim to attacks – and not just entry-level employees. Owners/executives (34%) and IT workers themselves (25%) report being victims of a phishing email more often than any other group of office workers.

Phishing, the process by which cyber criminals attempt to coerce email victims into making a financial transaction, disclosing login credentials or visiting a malware-laden website, is only getting worse as attacks become increasingly sophisticated and fool more and more employees into revealing critical company data. In fact, last year total phishing attacks surpassed 1.2 million – a year-over-year increase of 65%. According to the FBI, business-email compromise scams accounted for more than $5 billion in losses for businesses between October 2013 and December 2016.

With the recent Equifax breach, highly personal information was taken from up to 143 million individuals including names, birth dates, addresses, Social Security numbers, and drivers’ license numbers. Now there’s that much more ammunition out there to help scammers launch targeted phishing scams, impersonating someone within the organization or a trusted friend.

Phishing attacks have dramatically increased, but education efforts have not

In addition, while 70% of office workers say that their organization regularly communicates with employees about cyber threats as a means of prevention, significant gaps between confidence and effectiveness remain:

  • Security trainings are breeding a high level of confidence: 86% of office workers report that they feel confident in their ability to detect phishing emails.
  • Yet phishing techniques still fool office workers: Roughly one in five employees (21%) admit to being victims of phishing emails, and those are just the employees who admit it. Nearly a quarter of Gen X office workers (23%) and Boomer-aged office workers (23%) say they have been the victim of a phishing email, compared to 17% of millennial office workers.

While the number of attacks has dramatically increased in the past two years, employee training has not. Ryan Barrett, Intermedia’s Vice President of Security and Privacy, elaborates: “Today’s rapidly changing threat landscape makes it more important than ever for companies to educate employees on new types of cyberattacks and vulnerabilities. Take the recent Equifax breach, for example, which is by far the most invasive when you consider the sheer amount of sensitive personal data that’s been accessed. This incident further arms scammers and hackers with information to craft exceptionally compelling, targeted phishing attacks. At this point, businesses should assume that bad actors are going to try to use this information to gain access to their systems.”

According to Intermedia’s 2015 Insider Risk Report, 72% of office workers said they had received training on their company’s security practices, compared to 70% in this year’s report. While employees are receiving training, the frequency and type of training aren’t comprehensive enough.

Barrett continues, “It is no longer enough to just talk to employees about these threats, as this type of education can actually lead to a false sense of security, as our latest study shows. Instead, companies need to offer regular interactive IT security trainings, simulate security incidents to help employees detect and prevent cyberattacks, and talk about the risks when big data breaches are in the news. While office workers are confident in their skills, they still are susceptible to breaches, and organizations need to be doing more to protect themselves.”

Part 1 of Intermedia’s 2017 Data Vulnerability Report tests the validity of employee confidence and awareness around phishing attacks. The report provides tips and advice about what companies should do to better protect themselves against future threats before costly compromises ever occur, including the need to offer their employees a reliable, affordable, and easy-to-manage solution.

This is the first part of an ongoing series. Parts 2 and 3 of this report will look at the financial implications of ransomware as well as data loss from employees’ actions within an organization. You can view Part 1 of the report, as well as sign up for series alerts, here.

Survey Methodology

This study was commissioned by Intermedia and delivered by Precision Sample®, an independent market research organization. Precision Sample has an active proprietary panel of over 3.5M respondents that is routinely validated with a stringent screening process including Verity® and RelevantID by Imperium®. Results were derived from an 11-minute online survey instrument with 45 total questions, fielded June 1-5, 2017. Setup questions were used to ensure that only U.S. knowledge workers were in the sample, which was defined as those who routinely work in an office environment. Overall margin of error of +/- 2.95% at a 95% confidence interval.

About Intermedia

Intermedia integrates the essential IT applications that companies need to do business, including email, voice, backup and file sharing, productivity, identity and access management, security and archiving – all delivered by a single provider and integrated into one control panel. Intermedia services offer enterprise-grade security, a 99.999 percent uptime service level agreement and J.D. Power-certified 24/7 support.

With more than $200 million in annualized revenue, Intermedia’s 800+ employees serve more than 110,000 business customers and 6,500 active partners, including VARs, MSPs, distributors and telecoms. Its Partner Program lets partners sell under their own brand with control over billing, pricing and other elements of their customer relationships. Intermedia is the world’s largest independent provider of Exchange email in the cloud and a leading cloud voice service provider. For more information, visit Intermedia.net or connect with us on Twitter, Facebook or LinkedIn.

Contacts

Melanie Lombardi
Intermedia
650.285.5857

Katie Halloran
LEWIS for Intermedia
619.308.5222