Friday, 23rd October 2020

British employees lax on cybersecurity

New research by cybersecurity expert Mimecast shows the growing divide in cybersecurity awareness across business divisions.

After working from home for months, Britons have developed lax cyber security habits, using their work equipment to shop online, check their social media or forgetting to log themselves out of applications once they’ve stopped using them. Businesses should capitalise on the phased return to the office to implement stringent training and improve cybersecurity awareness among their workforce, according to a new industry survey by cybersecurity expert Mimecast.

Today, Mimecast releases the findings of its survey into cybersecurity awareness and best practices in the UK. And the results are damning:

  • 63% of Britons use their personal devices to access the corporate network
  • As the lines between their personal and professional lives blur, almost 60% forward personal emails to their professional ones
  • Almost half open attachments from unknown sources (49.4%) or click on links in emails from unknown sources (47.1%)

These bad practices result in more cybersecurity incidents across businesses, with three in four IT leaders witnessing cybersecurity issues once a month or more – more worryingly, 20% of them admit occurrences happen more than once a day.

Email remains the first source of cybersecurity issues: 42% of IT leaders acknowledge most cybersecurity incidents start with an employee clicking on a malicious link in an email. As hackers become more sophisticated, 30% admit that these emails mimic an internal source, increasing the challenge to identify whether a source is legitimate or not for employees who may not have seen their colleagues since March.

Cyberhygiene varies widely between divisions

To add to this constant headache for IT leaders, the level of cybersecurity awareness within the organisation varies widely between divisions – with the main culprits for poor cybersecurity hygiene often being the ones who manage the highest volume of emails.

IT leaders rank risk and compliance as the most trustworthy division when it comes to cybersecurity, closely followed by the finance department. The latter has long been a hacker’s favourite target as one small mistake can provide access to the company’s financial information and result in a dip in revenue.

While the guarantors of the company’s financial health are among the most vigilant when it comes to cybersecurity, those responsible for its reputation could use a refresher: IT leaders see marketing and communications as the worst offenders when it comes to bad cybersecurity practices, followed by design and HR & training.

Many organisations had to implement large-scale remote working policies in a hurry to respond to the lockdown. Yet, IT leaders are confident this has helped their workforce to become more mindful of cybersecurity: eight out of ten believe their company will be better prepared to cope with disruption, and that employees within their organisation will have better cyber hygiene moving forward.

Francis Gaffney, Director of Threat Analysis at Mimecast explains: “The COVID-19 pandemic has had a massive impact on businesses across the country, making it difficult for many to function as they usually would. With offices forced to close overnight, many workforces were working remotely for the first time. This obviously had major implications for cybersecurity, as IT had limited visibility into employee habits. This research is particularly worrying because it shows that UK employees are failing to follow basic cybersecurity best practises, which can have huge repercussions for businesses both financially and from a reputation perspective. Now is the time to prioritise cyber hygiene awareness training to ensure employees returning to the office will be proficient in keeping the business secure.”

Trustwave has released the 2020 Trustwave Data Security Index report which depicts how technology tr...
According to Venafi study, machine identity related cyberattacks grew by more than 400% between 2018...
Four out of five (83%) companies in the telecommunications & media sectors experienced a DNS attack...
Netwrix report reveals that concern about data theft by employees and IT admin mistakes has soared s...
Retail, Hospitality, Travel industries were hit with over 63 billion credential stuffing and 4 billi...
UK's leading free credit score and credit marketplace protects customer data from account takeover a...
VMware has released the results of its sixth Global Incident Response Threat Report, entitled: “The...
HCL Software and Ponemon Institute have released findings of a new report on application security in...