An Urgent Need for Security Awareness Training: 30 Percent of Employees Don’t Know What Phishing Is

A recent Wombat Security Technologies survey of more than 2,000 working adults (half in the U.S. and half in the U.K.) found that 30 percent of respondents don’t know what phishing is, and 10 percent aren’t even able to provide a guess.

Even more alarmingly, almost two thirds of respondents don’t know what ransomware is.

“We often find that those of us who work in cyber security overestimate the knowledge the general public has on cyber security risks and basic secure behaviors,” Wombat vice president of marketing Amy Baker said in a statement. “This could be giving security professionals false confidence and may be the reason why just fewer than half of organizations have a security awareness training program for their employees.”

Half of U.S. respondents said they’ve been a victim of identity theft, compared to just 19 percent of U.K. respondents. The report suggests that may be linked to lax security habits — 54 percent of U.S. respondents believe a trusted location, like a nice hotel or international airport, indicates a trusted Wi-Fi network, while just 27 percent of U.K. respondents agree.

An Informed Workforce

“When organizations consider the implications of end-user-driven risks, they should also consider the opportunities to mitigate these risks and create a workforce that has the knowledge to make informed choices and has the ability to be part of the solution rather than part of the problem,” the report states.

A surprising number of U.S. respondents allow their family members and trusted friends to use their work devices to check and reply to email (46 percent), view and post to social media (43 percent), stream media (47 percent), shop online (48 percent) and play games (50 percent).

And while 38 percent of U.S. respondents said they use a password manager compared to just 10 percent of U.K. respondents, just 29 percent of U.S. respondents said they use a different password for each account, compared to 35 percent of U.K. respondents.

Twelve percent of U.S. respondents and 19 percent of U.K. respondents said they use the same one or two passwords for most or all online accounts.

Password Problems

That kind of behavior can expose a company to significant risk. A recent Preempt Security analysis of passwords at more than 220 companies found that almost 20 percent of enterprise passwords can be easily compromised, and more than 7 percent of employees are using extremely weak passwords that have appeared in previous breaches.

Almost 14 percent of users have shared passwords. “Password sharing is one of the biggest and unspoken issues affecting password quality,” Preempt senior researcher Yaron Ziner wrote in a blog post. “Users are sharing passwords with other users, teams and between services.”

In general, larger organizations have more secure passwords than smaller ones. “It is safe to assume that large organizations have a dedicated security team that is in charge of IT security, educates users and sets strict password complexity requirements,” Ziner noted.

“As cyber threats become more sophisticated, organizations need to take a proactive approach in securing their network,” Ziner wrote. “Oftentimes, small and medium organizations suffer the most from the cyber security skills gap, and therefore need easy tools to efficiently evaluate their cyber posture and readiness to face outside threats.”

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.
