New research from OpenText Security Solutions has revealed that just under half of UK employees (42%) are unable to identify scam emails.
The firm conducted the survey in response to common scams circulating in the UK to better understand employee awareness of online security threats, popular attack methods and scam emails.
Findings come at a time of increased cyber-criminal activity, particularly with the advent of Covid-19 and the war in Ukraine, with the average business targeted 28 times by cyber threats in the past year.
Additionally, with around 44% of large firms suffering network downtime lasting longer than one day due to phishing attacks, evidence suggested that businesses should ensure staff are educated on risky IT behaviours that can lead to security compromises.
The survey also revealed that many employees are unaware of common terms related to cyber threats, with 50% revealing they had never heard of the term DDoS (distributed denial-of-service) and 60% having no knowledge of BEC (business email compromise).
According to OpenText Security, this demonstrates a clear need for organisations to “cut the jargon” when it comes to educating employees on cybersecurity.
Commenting on the statistics, Matt Aldridge, Principal BrightCloud Threat Intelligence Solutions Consultant at OpenText Security Solutions, said: “Security awareness is critically important for all organisations, as the employee is always the first line of defence in cybersecurity.
“There’s no use investing in sophisticated cybersecurity software if employees click on dangerous phishing links and grant cyber-criminals access to the business network or to confidential data. It’s like turning on a fancy home security alarm, but leaving a window open — you’ll be left playing catch-up after the bad guys get in.”
He added: “To ensure cyber resilience, employees need to be educated on the latest risks as soon as they are discovered – whether that’s the Royal Mail scam or the multitude of other threats.
“Organisations can achieve this by using templated phishing simulations that are reflective of the latest emerging scams. These should be implemented alongside strong and robust communication to employees and adequate technical defences, all of which will help to ensure cyber resilience,” he concluded.
Additional findings from the report show over a quarter of employees in the UK (29%) have never completed any form of cyber risk training.
Furthermore, seven-in-ten (70%) employees indicated they would be worried about reporting to their boss that they had compromised the security of their company.
The findings indicated that many UK organisations need to change their attitudes towards cybersecurity in order to improve employee vigilance against scam emails.
Research from the recent Kaspersky Spam and Phishing Report in 2021 found that just under half of all emails sent in the last year were spam.
According to the data, spam accounted for an average of 45.56% of emails sent during that period.
Researchers found several popular topics used by fraudsters, including subjects related to cryptocurrencies or stocks, generally offering investment opportunities.
Research from April by cybersecurity research group Comparitech found that UK Government employees received over 2.5 billion malicious emails in 2021, and a new email reporting scheme has been released to help combat the problem.
The National Cyber Security Centre scheme has resulted in the take-down of 76,000 online scams, including campaigns piggybacking off the NHS, online delivery companies and cryptocurrency investments.