One in four UK office workers don't know what phishing is

The ignorance of most UK office workers about phishing, one of the most lethal forms of cyber threat, has been revealed in a new study.

The ignorance of most UK office workers about phishing, one of the most lethal forms of cyber threat, has been revealed in a new study which shows almost a quarter of people don't know what it is. Another worrying statistic is that nearly a fifth of UK companies provide no training at all to help staff understand security threats.

The survey of around 1,000 people, which was conducted by One Poll on behalf of vendor company PhishMe, shows that nearly 9 per cent of respondents thought phishing was ‘a new social media tool’ while another 14 per cent simply did not know what it is.

Phishing – where cyber criminals use a spoof email to trick the recipient into clicking on a fake link or opening a dangerous attachment – has been used in many recent successful cyber crimes, even among tech-savvy companies. Earlier this month Microsoft had a number of its blogs and Twitter accounts hacked by the Syrian Electronic Army via a phishing attack.

According to the survey, almost half the respondents estimate they receive between one and four phishing emails a day, while around 16 per cent admit to having been tricked by a phishing email – a problem compounded by the fact that just under 20 per cent of the UK organisations questioned provide no cyber security training.

Commenting on the findings, Amar Singh, chair of the UK Security Advisory Group at global cyber security user group ISACA, said they show that ‘the human’ remains one of the biggest challenges in cyber resilience response.

“Phishing and spear-phishing (targeted phishing) will continue to remain a serious threat and as more people embrace smart devices, this threat and its impact is only going to increase,” Singh told SCMagazineUK.com.

“A simple message, like ‘think before you click’ or ‘think before you share’ could save an organisation an embarrassing data leak and, consequently, its brand reputation.”

Asked if the finding on lack of security training was surprising, PhishMe CEO Rohyt Belani told SCMagazineUK.com:

“It's not surprising to see a significant percentage of organisations not providing security awareness training. The traditional approach to security awareness has been largely ineffective, which has led those organisations to abandon the practice. However, more and more security practitioners are discovering new methods that effectively train users and focus on measurable behaviour change; the trend is most definitely reversing.”

Belani explained: “Improving staff security awareness requires a new approach that delivers training in an immersive manner. Sending simulated phishing attacks that provide instant, bite-sized feedback in an engaging format when the recipient enters sensitive information, clicks on a link or opens an attachment, is an effective way to positively impact employee behaviour.

“Measuring the results of each exercise, and refining future exercises based on the results, allows you to repeat the process while also providing fresh content. Repetition reinforces good habits, and makes security part of your organisational culture.”

Singh, meanwhile, added that most companies can do a lot by simply educating their employees on security basics.

“Not many a battle will be won if you do not have your employees, your privileged employees, aware of the dangers of things like over-sharing, unnecessary tweeting and sharing passwords,” said Singh.

“Organisations need to address an employee's personal cyber space and offer help and information on how they can protect their personal cyber space. This approach would benefit both the organisation and the employee.”
