MediaPRO is a security awareness training company that has, for three years now, conducted an annual analysis of employees’ security awareness and knowledge of cybersecurity best practices.
The study assesses employees’ vulnerability to various security threats and evaluates their ability to recognize phishing threats, prospective malware infections, and the hazards of cloud computing and social networking. It likewise looks at their knowledge of best practices related to working through the network, physical safety procedures, and reporting security concerns.
This year’s State of Privacy and Security Awareness study drew 1,024 participating employees from seven industry sectors. They answered questions related to the components of privacy and security described above.
After going through the answers, MediaPRO grouped the study participants into three categories based on the number of questions they answered correctly:
Hero – Those who possess an outstanding knowledge of security and the correct way to protect resources.
Novice – Those who have a fair knowledge of the basics of security but still need improvement in important areas.
Risk – Those whose lack of understanding of risks and best practices poses a substantial risk to their company.
According to this year’s study results, 25% of the participants were ranked as Hero. However, 75% do not possess the required security awareness and answered less than 90% of the questions correctly. The results are evidently worse than last year’s.
The share of employees categorized as Risk increased from 16% in 2016 to 19% in 2017 and to 30% in 2018. The share categorized as Hero, in contrast, fell year-over-year from 30% (2017) to 25% (2018). Study participants categorized as Novice decreased from 51% (2017) to 45% (2018).
Employees also performed worse this year at detecting physical security threats, malware infections or potential phishing attacks, securing personal data, reporting suspicious activities, and cloud computing security. 25% of employees who use social media websites or work remotely took risks, compared with just 20% last year.
People in management or higher positions fared worse than employees in lower positions in terms of security awareness: 77% of managers, versus 74% of employees in lower ranks, did not have adequate security awareness.
It is particularly troubling that employees still fail to identify phishing emails, given the increase in phishing attacks in recent years. The share of employees who did not answer the phishing questions correctly was only 8% in 2017, but this year it is 14%. 58% of the study participants also lacked sufficient knowledge of email threats, specifically Business Email Compromise (BEC) scams. Though 80% of participants were able to identify phishing emails, 18% still opened attachments or clicked links in email messages from an anonymous sender. More worrying still, finance employees were the most susceptible to phishing attacks.
If you would like to read the 2018 State of Privacy and Security Awareness Report, it is accessible on this page.