Social test highlights lack of cyber security sense among employees
More than one in four (27 per cent) employees clicked a phishing link during a social engineering test, suggesting that a significant portion of office-based workforces are still concerningly undereducated when it comes to cyber security.
Security firm Positive Technologies conducted a series of test attacks on several of its clients’ users by emailing employees with messages that prompted them to enter their credentials on a website.
None of the emails contained real malware or caused any actual harm, but if the schemes had been designed by cyber criminals, 17 per cent of the email attacks would have successfully compromised corporate systems.
Leigh-Anne Galloway, cyber security resilience lead at Positive Technologies, revealed that attackers can make malicious emails more effective by combining different methods. For example, a single message may contain a malicious file and a link that leads to a website containing multiple exploits and a password entry form.
“Malicious attachments can be blocked by properly configured antivirus protection. However, there is no surefire way to prevent users from being tricked into divulging their password,” she commented.
Positive Technologies’ report highlighted the fact that the human factor is still the weakest spot in any protection system, thus making training on information security awareness for employees more important than ever.
The firm urged companies to start developing and implementing a program that improves the information security awareness of employees.