Why you should change your password
Webroot, a company that harnesses the cloud and artificial intelligence to protect businesses and individuals against cyber threats, recently released a report that sheds light on psychological factors impacting an individual’s decision to click on a phishing email.
The release of the report is timely as we enter Australian Cybersecurity Week this week.
In conjunction with Wakefield Research, Webroot's report Hook, Line and Sinker: Why Phishing Attacks Work surveyed office professionals from the US, UK, Japan and Australia (1,000 per region) to determine what people know about phishing tactics, what makes them click on a potentially malicious link and other security habits.
“Security and productivity are always in a tradeoff. People put off security because they are too busy doing something with a more 'immediate' reward. These findings illuminate the pertinent need for a mindset makeover, where the longer-term reward of security doesn’t get put on the back burner,” said Cleotilde Gonzalez, Ph.D., Research Professor at Carnegie Mellon University.
The study revealed that over half (56%) of Australian office workers have had their data compromised, including nearly 3 in 10 (28%) more than once. Among Australian office workers who had their data compromised as part of a breach or hack, 3 in 10 (30%) did not take the basic step of changing their passwords after the incident, and only 1 in 3 (33%) informed a government agency. Not only is this false confidence potentially harmful to an employee’s personal and financial data, but it also creates risks for companies and their data.
“Phishing attacks continue to grow in popularity because, unfortunately, they work. Hackers and criminals weaponise the simple act of clicking and employ basic psychological tricks to inspire urgent action. It is vital that consumers educate themselves on how to protect both their personal and financial data and what steps to take if their information is compromised or stolen,” said George Anderson, Product Marketing Director, Webroot, a Carbonite Company.
“Businesses should be implementing regular simulated phishing and external attacks that address the various ways hackers attempt to breach organisations through their users. By combining the latest detection, protection, prevention and response technology with consistent attack training and education, IT Security departments can tackle the people, process and technology combinations needed to successfully mitigate attacks.”
While a majority of Australian office workers (91%) reported being able to distinguish a phishing message from a genuine one, more than half (60%) also admit to having clicked on a link from an unknown sender while at work, especially from email (75%).
There is no foolproof way to prevent being phished, but taking a layered approach to cybersecurity, including ongoing user training, will significantly reduce risk exposure.
As Forrester points out in its report, Now Tech: Security Awareness and Training Solutions, Q1 2019, “Your workforce should treat cybersecurity awareness with the same importance they use for ensuring that their projects, products, and messages are on key with company brand. Invest in solutions that weave security best practices throughout your corporate culture.”
Read the full Webroot Report: Hook, Line and Sinker: Why Phishing Attacks Work