UK survey finds generational and gender factors create yet another threat attack vector.
At an intimate press briefing at InfoSecurity Europe 2105 in London yesterday new research into online behaviour was exposed for the first time. The YouGov Research, sponsored by Blue Coat, shows females and 18-24 year olds are less likely to be hacked than middle-aged men.
Blue Coat Systems, Inc. a market leader in enterprise security revealed initial results from a study into the online behaviour of 1,186 UK employees across telephone, email and social media. The results show how ill-prepared most UK organisations could be for the increasingly sophisticated cyber threats posed by Social Engineering, where personal information is gathered, often via social media, and used to deliver advanced threats into corporate networks.
The online survey showed the behaviour of UK employees leaves them highly vulnerable to hacking. Overall, 54 percent of respondents said they would connect with strangers on social media and 56 percent have not set up access controls to their social media.
In recent cyber attacks, basic information has been used to reset social media passwords which then provides criminals, hacktivists or even hostile foreign powers access to confidential, sensitive information which can damage brand reputations and compromise valuable business assets. Some groups in the sample were more security savvy on social media than others. Key findings include:
Gender matters
UK female employees who use social media are more aware of the cyber threat. Over half, 52 percent, set up privacy settings so only certain people can see their full profiles, in contrast with just 36 percent of UK male employees. However, while UK females are more diligent about their privacy on social media sites, the survey did find they may still be vulnerable with 12 percent using pet names to generate online passwords, compared to just five percent of male employees.
All generations make mistakes
While 62 percent of 18 – 24 year olds take effective precautions over who accesses their social media data on mobile apps by checking the identities of strangers before connecting with them, 18 – 24 year olds also tend to share more work information on social media. In contrast, the survey found only 33 percent of 45 to 54 year olds, who typically hold more senior corporate roles and are therefore more likely to be targeted by cyber attacks, check requests before accepting invitations to connect.
Surprisingly, 18 percent or nearly one in five, UK employees say they have never had IT security training. Of the people who have been trained, just 10 percent report receiving regular training. Although social engineering cyber attacks are becoming more complex, just six percent of UK employees have received training and guidance on phishing attacks – a common tactic.
When asked by SecurityNewsDesk about the quality of the training Robert Arandjelovic the Director of Product Marketing, EMEA with Blue Coat said, “Any training is better than no training but the next step would clearly be to qualitatively assess training content to ensure the message was received and understood, but this question was not part of the wider study.”
Dr Hugh Thompson, chief technical officer and SVP at Blue Coat, said, “This research shows how employees can be a gateway in to corporate systems. As they reveal more about themselves on social media, they become more “knowable” which exposes them to higher risk of social engineering. As the seriousness and complexity of threats grows, businesses need to employ security measures, including training, that take into account the habits and behaviours of employees to better protect the enterprise. Security measures need to be seamless and tailored to enforce cyber-safe behaviour recognising that even the paranoid can be phished.”
Blue Coat is a leader in enterprise security, providing on-premise, hybrid and cloud-based solutions for protecting web connectivity, combating advanced threats and responding to security breaches. Blue Coat is the global market leader in securing connection to the web and counts nearly 80 percent of the Global Fortune 500 as its customers. For additional information, please visit www.bluecoat.com.
