A new survey from PhishMe Inc. has revealed that the majority of UK office workers have trouble deciding who to trust (awareness training helps) in this, the digital age. That, however, is hardly surprising on account of the fact that 14% have already had a bad experience on the sharp end of cybercrime.
The study examined the attitudes of 1,000 UK office workers towards cybercrime and phishing and revealed that a staggering sixty percent of respondents have difficulty in deciding which sources to trust online.
Of the websites that UK office workers do trust, banks come out on top with 55 percent of respondents saying that they trust their own bank. Unsurprisingly, perhaps, dating websites are the least trusted with only 0.3 percent of respondents saying they feel safe using them.
When respondents were asked which online sources they do trust the findings were:
- 55 percent of respondents trust their own bank
- 19 percent of respondents trust online retailers
- 17 percent of respondent trust other banks
- 10 percent of respondents trust Facebook
- 6 percent of respondents trust the media
- 5 percent of respondents trust LinkedIn and Twitter
- 2 percent trust online blogs
- 0.3 percent of respondents trust dating sites
In response to the survey findings Rohyt Belani, CEO and co-founder of PhishMe said:
“Given the media attention on recent data breaches against seemingly safe organisations, it doesn’t surprise me that UK office workers feel vulnerable in the online world. Phishing attacks are rife in the digital world and it is vital that Internet users be wary of providing personal information which could be used against them for nefarious purposes. Organisations should provide staff with training on how to spot online threats because the attackers will often go after employees first, if they want to compromise an organisation’s network.”
Other findings revealed that just under half of UK office workers are more worried about being phished at home than at work (though we shouldn’t forget that phishing in the corporate sphere is still very much an issue); however, given that 1-in-7 respondents have, or know someone who has, been badly affected by cybercrime, this figure is not surprising.
The key findings amongst those who have already been affected by cybercrime are:
- Over 50% the people experienced financial loss
- More than 1-in-3 experienced identity theft
- Over twenty percent experienced data loss
- More than a third were left with an infected computer
“The fact that one in seven office workers have already been affected by cybercrime should be a big concern for organisations because these threats could potentially be brought into a corporate network through bring-your-own-device (BYOD) policies and the use of consumer cloud applications within the work place. Organisations that provide their employees with continuous security training will not only be significantly more prepared, they will also be able to leverage their employees for an additional source of threat intelligence.”
I personally think the findings of the survey are very interesting for a couple reasons.
Firstly, I wonder why around half of those surveyed were more concerned about being phished at home than at work – I’d like to think that it is because security is a far bigger deal in the business environment but suspect the reality is more base than that – they probably value their own data more highly.
Secondly, the level of trust levied in banks seems surprisingly large. Speaking for myself, I find that the majority of phishing emails I receive attempt to spoof financial institutions so, even though my own banking website is probably secure, I trust nothing that purports to come from there.
Also, the other levels of trust quotes, i.e., only 19% having faith in retailers, makes me wonder how any business gets done on the internet – I can only assume that a lot of people take a deep breath before clicking on anything (becoming more security conscious would probably be better for their blood pressure)!
I also find it curious that only 2% of those surveyed trust online blogs – they obviously haven’t discovered SecurityWatch yet :)