Why you should change your password

Webroot, a comnpany that harnesses the cloud and artificial intelligence to protect businesses and individuals against cyber threats, recently released a report that sheds light on psychological factors impacting an individual’s decision to click on a phishing email.

The release of the report is timely as we enter Australian Cybersecurity Week this week.

In conjunction with Wakefield Research, Webroot's report Hook, Line and Sinker: Why Phishing Attacks Work surveyed office professionals from the US, UK, Japan and Australia (1,000 per region) to determine what people know about phishing tactics, what makes them click on a potentially malicious link and other security habits.

“Security and productivity are always in a tradeoff. People put off security because they are too busy doing something with a more 'immediate' reward. These findings illuminate the pertinent need for a mindset makeover, where the longer-term reward of security doesn’t get put on the back burner,” said Cleotilde Gonzalez, Ph.D., Research Professor at Carnegie Mellon University.

The study revealed that over half (56%) of Australian office workers have had their data compromised, including nearly 3 in 10 (28%) more than once. Among Australian office workers who had their data compromised as part of a breach or hack, 3 in 10 (30%) did not take the basic step of changing their passwords after the incident, and only 1 in 3 (33%) informed a government agency. Not only is this false confidence potentially harmful to an employee’s personal and financial data, but it also creates risks for companies and their data.

“Phishing attacks continue to grow in popularity because, unfortunately, they work. Hackers and criminals weaponise the simple act of clicking and employ basic psychological tricks to inspire urgent action. It is vital that consumers educate themselves on how to protect both their personal and financial data and what steps to take if their information is compromised or stolen," said George Anderson, Product Marketing Director, Webroot, a Carbonite Company.

Businesses should implementing regular simulated phishing and external attacks that address the various ways hackers attempt to breach organisations through their users. By combining the latest detection, protection, prevention and response technology with consistent attack training and education, IT Security departments can tackle the people, process and technology combinations needed to successfully mitigate attacks.”

While a majority of Australian office workers (91%) reported being able to distinguish a phishing message from a genuine one, more than half (60%) also admit to having clicked on a link from an unknown sender while at work, especially from email (75%).

There is no foolproof way to prevent being phished but taking a layered approach to cybersecurity including ongoing user training will significantly reduce risk exposure.

As Forrester points out in its report, Now Tech: Security Awareness and Training Solutions, Q1 2019, “Your workforce should treat cybersecurity awareness with the same importance they use for ensuring that their projects, products, and messages are on key with company brand. Invest in solutions that weave security best practices throughout your corporate culture.”

Read the full Webroot Report: Hook, Line and Sinker: Why Phishing Attacks Work