Good news!

A new study conducted by internet security firm ESET has revealed that 87% of British workers know what phishing is.

Hurrah!

Now for the bad news.

Brits, by and large, remain blissfully unaware of almost every other threat they may encounter.

Boo! Hiss!

Responding to a Cyber IQ test compiled by ESET boffins, the majority of UK workers appear to have been graded somewhere between a ‘U’ and a ‘D’ which, to anyone outside of the PC brigade, is a fail whichever way you care to look at it.

Tasked with answering a number of questions surrounding the topics of cybercrime and security awareness, the majority of answers given were incorrect, despite the beginner to intermediate level of the test.

The most significant issues noted by ESET include the following:

• only 42% were aware that mobile devices can be attacked in much the same way as a laptop or desktop computer can
• a mere 39% of the respondents knew what vishing was
• 23% thought antivirus software completely guaranteed their safety online
• only 29% recognised the need for complexity when constructing a password
• around 1-in-6 thought they had nothing to worry about as long as they didn’t visit dodgy websites
• 72% had no idea what IoT meant
• only a quarter of respondents could identify what a DDoS attack was
• less than 20% of those questioned knew which WiFi standard was considered to be the most secure

Commenting on the Cyber IQ test results, ESET’s own Mark James said:

Phishing is without a doubt one of the biggest threats to consumers so it is very reassuring to see that the majority are aware of the threat. However, consumers need to understand that antivirus is only part of the solution, they also need to be careful where they click.

Cybercriminals are constantly revolutionising threats to make them even harder to detect and you can never been 100% secure.

Consumers must also be aware that cybercriminals target mainstream, popular consumer websites just as frequently as they do illicit sites. Cybercrime is a business and hackers know that they have a bigger return on investment hitting sites that have high numbers of visitors.

Consumers should always treat the internet with caution and never click on links or visit sites which seem suspicious.

Our study has shown that consumers are still very behind in terms of cyber awareness and could be putting themselves, and the organisations they work for, at risk.

There are many security issues which are more targeted at businesses; however consumers should have a good understanding of the threats that target them.

Cybercriminals are constantly looking at ways to exploit mobile devices and consumers should be aware of this.

By not having the proper security standard enabled on their router, consumers could be unknowingly opening their home network to threats.

While I don’t have a list of the specific questions available, the answers certainly do highlight some pretty glaring issues as Mark suggests.

If you were to sit your staff down and subject them to a Cyber IQ test right now, how do you think they would fare?

Have you got a security culture within your organisation and do you take security awareness seriously (an exercise in ticking boxes doesn’t count)?

If not, why not? And what are you going to do about it? Hint: we can help.