A question about threat literacy among remote workers found that 81 percent of IT leaders felt their employees understood that 90 percent or more ransomware attacks originated through email phishing. Eighteen percent felt their employees didn’t know that, or didn’t know if employees understood the threats caused by email phishing attacks.
Steps IT leaders took over the past 12 months to mitigate the growing danger to remote workers included video training courses on how not to fall victim to a phishing attack (27 percent); the deployment of anti-phishing software (26 percent); regular email communications to workers to be vigilant (20 percent); one-on-one (by video conference) training with new employees (13 percent); deploying a VPN (12 percent). Two percent of those polled felt employees already knew enough not to open suspicious-looking emails, or links they didn’t trust.
Asked if these counter measures were sufficient to protect remote employees from phishing attacks, the overwhelming majority of IT pros—79 percent – felt they were. Just 15 percent said no. Asked if employees understood different types of phishing attacks, such as business email compromise or domain spoofing, almost 50 percent of respondents said “very well,” 39 percent said “quite well,” and 10 percent said not quite well. “Not at all” and “I don’t know” scored 1.25 percent and 1.5 percent, respectively.
Only 52 percent of those surveyed felt their organisation understood which areas of the business were the most vulnerable to attacks. The rest of the respondents answered “quite well” to “I don’t know,” leaving a large gap in understanding which employees from what departments within an organisation were the most at risk.
Despite the confidence in their organisations’ preparedness against the increase in sophisticated phishing threats to remote workers, 76 percent of IT leaders admitted their organisation would pay, or was likely to pay a ransom if their entire system was locked down through malware. Twelve percent said their company was unlikely to pay, 7.25 percent said their employers would not pay, and 5 percent didn’t know.
“This survey has uncovered a complex situation wherein IT leaders understand threats to their remote workers have grown significantly worse, yet they feel the organisation is protected well enough against them through weak solutions or in some cases, just email reminders,” said Tony Pepper, CEO of Egress. “This shows that there is a lot of trust given to employees, who are suddenly shouldering the burden of not falling victim to what has become an exponentially worse threat environment.”
Other data collected in the survey includes:
Why do you think employees are more vulnerable to targeted phishing attacks as remote workers (in order of importance):
· More removed from the org’s security team
· Distracting work environment
· Working from multiple or personal devices
· Pressure to appear more productive
· Phishing attacks have become more sophisticated
What level(s) or your organisation is/are responsible for protecting IT systems and infrastructure:
· CISO – 367 respondents
· CTO – 152 respondents
· IT Department – 605 respondents
· Other – 21 respondents