Office workers fall victim to phishing attacks despite training

Despite training and other efforts to combat the problem, phishing is still proving a remarkably effective tactic for cyber criminals according to a new report.

The study by cloud business applications company Intermedia shows that while 70 percent of office workers say that their organization regularly communicates with employees about cyber threats as a means of prevention, there are significant gaps between confidence and effectiveness.

The problem isn't restricted to entry level staff either. Owners/executives (34 percent) and even IT workers (25 percent) report being victims of a phishing email more often than any other group of office workers.

"Today's rapidly changing threat landscape makes it more important than ever for companies to educate employees on new types of cyberattacks and vulnerabilities," says Ryan Barrett, Intermedia's vice president of security and privacy. "Take the recent Equifax breach, for example, which is by far the most invasive when you consider the sheer amount of sensitive personal data that's been accessed. This incident further arms scammers and hackers with information to craft exceptionally compelling, targeted phishing attacks. At this point, businesses should assume that bad actors are going to try to use this information to gain access their systems."

Training breeds confidence, 70 percent of those surveyed say they've received instruction on their company's security practices, and 86 percent of office workers report that they feel confident in their ability to detect phishing emails. Yet phishing techniques are still fooling people. Roughly one in five employees (21 percent) admit to being victims of phishing emails though there are differences between generations. Nearly a quarter of Generation X office workers (23 percent) and baby boomer-aged office workers (23 percent) say they have been the victim of a phishing email, compared to 17 percent of millennial office workers.

"It is no longer enough to just talk to employees about these threats, as this type of education can actually lead to a false sense of security," adds Barrett. "Instead, companies need to offer regular interactive IT security trainings, simulate security incidents to help employees detect and prevent cyberattacks, and talk about the risks when big data breaches are in the news. While office workers are confident in their skills, they still are susceptible to breaches, and organizations need to be doing more to protect themselves."

You can find out more about the report's findings on the Intermedia website.

Image Credit: Maksim Kabakou / Shutterstock