UK workers are knowingly jeopardising their workplace's cybersecurity with Phishing Risks
According to a report by Cyber Security Firm Proofpoint 95% and the report they created “2024 State of the Phish report.” This year’s global report is based on a survey of 7,500 end users and 1,050 security professionals, conducted across 15 countries. UK workers who took part in the survey are knowingly jeopardising their workplace's cybersecurity.
Of the majority interviewed worldwide, 48% admitted to carelessness for convenience, 40% did so in order to save time, and 22% due to a perceived sense of urgency. Despite being aware of the risks posed by cyber attacks, their actions demonstrate a blatant disregard for maintaining the integrity and security of their organisations' systems.
The alarming statistics reveal a concerning trend in the phishing cybersecurity landscape of UK businesses. The high infection rate of ransomware, affecting nearly two-thirds of businesses, highlights a significant vulnerability that needs urgent attention.
UK businesses need to improve security awareness and resilience: key findings from this phishing report
Risky actions: Phishing
71% of users admitted to taking a risky action, such as reusing or sharing a password, clicking on links from unknown senders, or giving credentials to an untrustworthy source. And 96% of them did so knowing that they were taking a risk.
Ransomware: Phishing
69% of organizations experienced a ransomware attack in 2023, up from 64% in 2022. However, the rate of payment to ransomware attackers declined from 64% to 54%, indicating that organizations are becoming more aware of the drawbacks and risks of paying ransoms.
UK businesses targeted by BEC attacks:
UK businesses experienced a 29% increase in business email compromise (BEC) attacks in 2023, making it one of the most affected countries by this type of threat. BEC attacks involve impersonating a trusted person or entity to trick the recipient into transferring money or revealing sensitive information.
Phishing Simulations for UK Businesses
UK businesses participated in link-based (59%), data-entry (30%), and attachment-based (10%) tests. Notably, attachment-based simulations had the highest failure rate at 17%.
Cyber Phishing Awareness Resilience Factor in the UK
The average resilience factor (reporting rate divided by failure rate) for UK businesses increased to 2.0 in 2023, up from 1.7 in 2022.
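The resilience factor defined above can be computed per simulation type from raw campaign results. The following is an added example, not code from Proofpoint or its report; the record layout, the sample data and the definitions of "failed" and "reported" are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: one tuple per simulated phishing message sent.
# (simulation type, failed, reported)
# Assumed definitions: "failed" = user clicked, entered data or opened the
# attachment; "reported" = user reported the message to the security team.
SAMPLE_RESULTS = [
    ("link", False, True), ("link", True, False), ("link", False, True),
    ("link", False, False), ("link", False, False),
    ("data-entry", True, False), ("data-entry", False, True),
    ("data-entry", False, False), ("data-entry", False, False),
    ("attachment", False, True), ("attachment", False, False),
]

def resilience_by_type(results):
    """Return {type: (failure_rate, reporting_rate, resilience_factor)}.

    An extra "all" key aggregates every simulation type.
    """
    sent = defaultdict(int)
    failed = defaultdict(int)
    reported = defaultdict(int)
    for sim_type, did_fail, did_report in results:
        for key in (sim_type, "all"):
            sent[key] += 1
            failed[key] += int(did_fail)
            reported[key] += int(did_report)

    summary = {}
    for key, total in sent.items():
        failure_rate = failed[key] / total
        reporting_rate = reported[key] / total
        # reporting rate / failure rate: the message count cancels, so the
        # ratio is taken on raw counts. With zero failures the factor is
        # undefined; return None instead of dividing by zero.
        factor = reported[key] / failed[key] if failed[key] else None
        summary[key] = (failure_rate, reporting_rate, factor)
    return summary

if __name__ == "__main__":
    for key, (fr, rr, rf) in resilience_by_type(SAMPLE_RESULTS).items():
        shown = "n/a (no failures)" if rf is None else f"{rf:.1f}"
        print(f"{key:<11} failure={fr:.0%} reporting={rr:.0%} resilience={shown}")
```

A factor above 1 means more simulated messages were reported than failed; a type with no failures is shown as undefined rather than as an inflated score.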
Urgent action is needed to boost cybersecurity, educate staff, and enforce security policies against ransomware attacks on UK businesses. Neglecting these measures risks data safety and business sustainability.
Strategies for Encouraging Employees to Prioritise Security Measures in the Workplace
Encouraging employees to prioritize Phishing security measures in the workplace is crucial for safeguarding sensitive information and maintaining a robust cybersecurity posture. As a business owner, it’s crucial to stay informed about the growing threats in the digital landscape. Here are some key points to consider:
Keep an eye out for emerging attack techniques:
- TOAD: This method uses phone numbers and call centers to deceive users into granting remote access or revealing credentials.
- MFA-Bypass: Attackers exploit proxy servers to intercept multi-factor authentication (MFA) tokens, bypassing an extra layer of security.
- QR Codes: Be cautious with QR codes; they can embed malicious content and evade automated detection.
- Generative AI: This technology creates realistic content based on prompts, which can enhance social engineering attacks.
Remember, proactive measures and a vigilant workforce are essential for maintaining a resilient Phishing cybersecurity posture.
Understanding Phishing Industry Failure Rates: A Key Insight for Business Owners
An interesting part of this report was the failure rate by industry among those interviewed worldwide.
Industry-Specific Cyber Security Employee Phishing Failure Rates
- Transportation and Storage: This sector tops the list with a 14.7% business failure rate. The challenges faced by transportation companies are evident, emphasizing the need for robust strategies.
- Business Administration and Support Services: Closely following, this sector experiences a 14.1% failure rate. These businesses encounter hurdles related to administrative and support functions.
- Retail and Construction: These two industries tie for the third spot, both with a 53% failure rate. Retail businesses grapple with market dynamics, while construction faces project complexities.
- Manufacturing: Approximately 51% of startups in manufacturing fail. The intricacies of production, supply chains, and market demand contribute to this rate.
- Service Industry: With a 45% failure rate, service-oriented businesses must navigate customer expectations, quality assurance, and competition.
The report highlights concerning industry-specific cyber security employee failure rates across various sectors worldwide. These findings stress the importance of implementing robust strategies to address sector-specific challenges effectively.
A security awareness programme is an essential component of any organisation's security strategy, but by itself it isn't enough: it must be complemented with effective measures to drive behavioural change among employees.
The report clearly shows 96% of people who took a risky action knew that what they were doing might be risky. The challenge is now not just awareness, but behavior change.
How to shift employees' behavioral awareness towards better business security.
Reduce security friction
Lengthy security processes may frustrate users and weaken the organization's security culture.
Track security bottlenecks to improve efficiency and prevent users from bypassing controls.
Prioritize ease of use, automation, and top-notch security measures. By integrating a multilayered platform approach, organisations can enhance defence against evolving threats and lessen user burden in following security protocols.
Go beyond Cyber Security training for Employees
Develop a robust security culture through improved communication and engagement to enhance how users deal with security matters responsibly.
Implement a behavior change program
A behaviour change programme systematically encourages positive habits and discourages risky actions. Reward users for safe practices to enhance security measures within the organisation.
Reward Your Staff
Advocates/champions reduce user uncertainty on security responsibility by promoting best practices and offering support. Trust, engagement, and a positive security culture are nurtured through their efforts.