75% of Employees Lack Security Awareness

MediaPro has published its 2018 State of Privacy and Security Awareness Report which assesses the level of security awareness of employees across different industry sectors. The report is based on the responses to questionnaires sent to 1,024 employees across the United States that probed their understanding of real-world threats and security best practices.

This is the third year that MediaPro has conducted the study, which categorizes respondents in one of three groups –Risk, Novice, or Hero – based on their understanding of security threats and knowledge of best practices that will keep them and their employer safe.

In 2016, when the survey was first conducted, 16% of respondents rated a risk, 72% were rated novices, and 12% were rated as heroes. Each year, the percentage of novices has fallen and the percentage of heroes has increased. Unfortunately, the percentage of employees rated as a risk to their organization has also increased year-over-year.

In this year’s State of Privacy and Security Awareness Report, 75% of all professionals were rated as either a moderate or severe threat to their organization. 30% of respondents were deemed to be a risk to the business, 45% were novices, and 25% were heroes. 77% of respondents in management positions showed a lack of security awareness, which is of particular concern since they are often targeted by phishers.

The biggest concerns were an inability to identify the signs of a malware infection and a phishing attempt. There was also poor understanding of social media risks. When asked questions related to malware, almost 20% of employees failed to recognize at least one indicator of a malware infected computer. Given the increase in cryptomining attacks, it was a concern that a slow computer was the most commonly overlooked sign of a malware infection.

Phishing attacks continue to rise but phishing awareness is much worse than last year. 14% of respondents failed to identify all signs of a phishing email compared to just 8% last year. The most commonly missed phishing attempt was the offer of a hot stock tip, which was failed by 20% of respondents. There was also poor understanding of Business Email Compromise (BEC) scams.

It was a similar story for social media safety, with around 20% of respondents making bad decisions on social media sites – decisions that could cause problems for their company such as disclosing sensitive information or responding to potentially libelous comments by coworkers.

An analysis of scores by industry sectors revealed the financial services performed the worse of the seven industry sectors represented in the study. 85% of respondents in the financial services had a lack of security awareness to some degree.

“These levels of riskiness are alarming. It only takes one person to click on the wrong email that lets in the malware that exfiltrates your company’s data. Without everybody being more vigilant, people and company data will continue to be at risk,” said Tom Pendergast, chief security and privacy strategist at MediaPRO.

Author: NetSec Editor