
One in four UK office workers don't know what phishing is


The ignorance of most UK office workers about phishing, one of the most lethal forms of cyber threat, has been revealed in a new study.

18% + of office workers have no security training

The ignorance of most UK office workers about phishing, one of the most lethal forms of cyber threat, has been revealed in a new study which shows almost a quarter of people don't know what it is. Another worrying statistic is that nearly a fifth of UK companies provide no training at all to help staff understand security threats.

The survey of around 1,000 people, which was conducted by One Poll on behalf of vendor company PhishMe, shows that nearly 9 per cent of respondents thought phishing was ‘a new social media tool’ while another 14 per cent simply did not know what it is.

Phishing – where cyber criminals use a spoof email to trick the recipient into clicking on a fake link or opening a dangerous attachment – has been used in many recent successful cyber crimes, even against tech-savvy companies. Earlier this month Microsoft had a number of its blogs and Twitter accounts hacked by the Syrian Electronic Army via a phishing attack.

According to the survey, almost half the respondents estimate they receive between one and four phishing emails a day, while around 16 per cent admit to having been tricked by a phishing email – a problem compounded by the fact that just under 20 per cent of the UK organisations questioned provide no cyber security training.

Commenting on the findings, Amar Singh, chair of the UK Security Advisory Group at global cyber security user group ISACA, said they show that ‘the human’ remains one of the biggest challenges in cyber resilience response.

“Phishing and spear-phishing (targeted phishing) will continue to remain a serious threat and as more people embrace smart devices, this threat and its impact is only going to increase,” Singh told SCMagazineUK.com.

“A simple message, like ‘think before you click’ or ‘think before you share’ could save an organisation an embarrassing data leak and, consequently, its brand reputation.”

Asked if the finding on lack of security training was surprising, PhishMe CEO Rohyt Belani told SCMagazineUK.com:

“It's not surprising to see a significant percentage of organisations not providing security awareness training. The traditional approach to security awareness has been largely ineffective, which has led those organisations to abandon the practice. However, more and more security practitioners are discovering new methods that effectively train users and focus on measurable behaviour change; the trend is most definitely reversing.”

Belani explained: “Improving staff security awareness requires a new approach that delivers training in an immersive manner. Sending simulated phishing attacks that provide instant, bite-sized feedback in an engaging format when the recipient enters sensitive information, clicks on a link or opens an attachment, is an effective way to positively impact employee behaviour.

“Measuring the results of each exercise, and refining future exercises based on the results, allows you to repeat the process while also providing fresh content. Repetition reinforces good habits, and makes security part of your organisational culture.”

Singh, meanwhile, added that most companies can do a lot by simply educating their employees on security basics.

“Not many a battle will be won if you do not have your employees, your privileged employees, aware of the dangers of things like over-sharing, unnecessary tweeting and sharing passwords,” said Singh.

“Organisations need to address an employee's personal cyber space and offer help and information on how they can protect their personal cyber space. This approach would benefit both the organisation and the employee.”
