What’s the biggest detriment to your organization’s data?
It’s not what you think.
Everybody knows about the threat that hackers present to your data. But it's your employees
that present the bigger risk by unknowingly granting hackers access to your organization.
In Intermedia's 2017 Data Vulnerability Report, we surveyed 1,000+ full-time office workers at
companies of all sizes to find out how workplace behaviors are impacting data security.
While 70% of employees say that their company provides regular cyber
security risk training, the reality is office workers are lax at adhering to
security best practices. Education efforts don't extend far enough. The
number of phishing scams is higher than ever, and office workers
aren't being properly trained to circumvent this exponential risk. As a
result, a false sense of employee confidence is having financial
ramifications on organizations of all sizes.
We'll be releasing findings as part of an ongoing three-part series, looking at the impact and
outcome these habits have regarding email breaches and threats, ransomware, and data loss,
and what you should do about it.
SHARE THIS REPORT
Email Breaches and Threats
Vulnerability and Victims
PHISHING, THE PROCESS BY WHICH CYBER CRIMINALS ATTEMPT TO COERCE EMAIL VICTIMS INTO MAKING A FINANCIAL TRANSACTION, DISCLOSING LOGIN CREDENTIALS OR VISITING A MALWARE-LADEN WEBSITE, IS ONLY GETTING WORSE
ACCORDING TO THE FBI, BUSINESS-EMAIL COMPROMISE SCAMS ACCOUNTED FOR MORE THAN $5 BILLION IN LOSSES BETWEEN OCTOBER 2013 AND DECEMBER 2016
Research reveals a false sense of confidence among office workers with phishing scams still on the rise
EXPRESS BEING CONFIDENT IN THEIR ABILITY TO DETECT A PHISHING EMAIL
One in seven survey respondents are not confident in their ability to detect a phishing email or they do not know what phishing is
Roughly one in five office workers have been a victim of a phishing email
OF OFFICE WORKERS HAVE BEEN VICTIMS OF A PHISHING EMAIL
Phishing, It's Not Just for Entry-Level Employees
REPORT THEY HAVE BEEN THE VICTIM OF A PHISHING EMAIL, MORE THAN OTHER GROUPS OF KNOWLEDGE WORKERS
Ryan Barrett,VP of Security and Privacy, Intermedia
It’s no longer effective to just talk 'at' employees about cyber threats. Companies need to offer regular interactive IT security training events to show employees what real attacks look like, and how to react to them. For example, at Intermedia we do a Hacktober event every October where we simulate 'live' security incidents to help employees detect and prevent cyber-attacks in a fun and interactive way.
While the number of attacks has dramatically increased in the past two years, employee training has not
What companies deem to be “regular” communication
ACCORDING TO INTERMEDIA’S 2016 IT CONFIDENCE INDEX SURVEYED IT PROFESSIONALS SAID
WHY ARE EMPLOYEES STILL TAKING THESE RISKS AND WHAT SHOULD COMPANIES BE DOING TO PREVENT IT?
Ryan Barrett,VP of Security and Privacy, Intermedia
When it comes to devising trainings, companies need to think outside of the box. How do you track effectiveness? For example, we’ve even simulated a phishing attack among our own employees because we’ve found that the percentage of employees that fall victim to these self-imposed exercises goes down dramatically with each internal attempt. Interactive phishing campaigns allow employers to safely educate employees without risking the loss of valuable data.
HOW CAN CHANNEL PARTNERS HELP THEIR CUSTOMERS CIRCUMVENT THESE RISKS?
Eric Martorano,Chief Revenue Officer, Intermedia
Offering frequent interactive trainings might be achievable for larger companies, but it can be challenging for smaller organizations. SMBs are frequently limited by technical and/or financial resources to protect their data effectively, making them a prime target for cyberattacks. For MSPs, providing comprehensive security training in tandem with layered security solutions presents a prime opportunity to deliver additional value in a much-needed area.
Now what should you do?
As phishing evolves, we can expect office workers to continue falling victim to these scams, exposing their
organizations' data to hackers and cybercriminals. To that end, companies need to ensure their education
efforts include quarterly interactive trainings in tandem with layered security solutions. Ensuring employees,
customers, and partners alike are familiar with the changing threat landscape will help mitigate the false
sense of confidence that office workers have around detecting phishing scams and other cyberattacks.
Check out these resources below for further information on preventing phishing attacks, and to sign up to
receive Parts 2 and 3.
A partner’s guide to generating
revenue with email security
Sign up to receive an email alert when the next part
of the report is available
Intermedia integrates the essential IT applications that companies need to do business, including email, voice, backup and file sharing, productivity, identity and access management, security and archiving – all delivered by a single provider and integrated into one control panel. Intermedia services offer enterprise-grade security, a 99.999% uptime service level agreement and J.D. Power-certified 24/7 support. For more information, visit Intermedia.net or connect with us on Twitter, Facebook or LinkedIn.
This study was commissioned by Intermedia and delivered by Precision Sample®, an independent market research organization. Precision Sample has an active proprietary panel of over 3.5M respondents that is routinely validated with a stringent screening process including Verity® and RelevantID by Imperium®. Results derived from an 11-minute online survey instrument with 45 total questions, fielded June 1-5, 2017. Setup questions were used to ensure that only U.S. knowledge workers were in the sample, which was defined as those who routinely work in an office environment. Overall margin of error of +/- 2.95% at a 95% confidence interval.
All trademarks, registered trademarks, service marks, trade names and product names appearing herein are the property of their respective owners.