Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

KnowBe4 research finds IT decision-makers complacent about phishing risks

KnowBe4's new research has found IT decision-makers are complacent about risks to the business from phishing and BEC (business email compromise – also known as CEO fraud).

user iconReporter
Thu, 24 Mar 2022
KnowBe4 research finds IT decision-makers complacent about phishing risks
expand image

The security awareness training and simulated phishing platform provider has also found that fewer than four in 10 (38 per cent) of Australian IT decision-makers say they are concerned about phishing as a risk to their organisation, while even fewer are concerned about BEC (28 per cent).

When asked to determine whether example emails and SMS were real or fake, only 3 per cent of Australian IT decision-makers were able to correctly identify them all. In addition, 23 per cent of Australian IT decision-makers use their work phones for personal activity (9 per cent higher than indicated by office workers) and 15 per cent use their work email address for personal activity.

Jacqueline Jayne, security awareness advocate for APAC at KnowBe4 is concerned about this trend.

“When those in charge with keeping a business secure are unaware of the risks and unable to identify scam emails and SMS messages, their organisations are at significant risk.

According to the ACCC, Australians lost a record $323 million to scams in 2021, up a massive 84 per cent from the previous year.

If those in charge of security are unaware of best practices, then they cannot educate and train employees.

When employees are using their work email address for personal activities such as online shopping, they are much more likely to fall victim to a phishing attack that uses a hook such as delivery delays to entice the victim to click through,” Jayne said.

Data breach protocol

According to KnowBe4 researchers, only four in 10 (42 per cent) IT decision-makers say they are confident they would know the steps they would need to take following a cyber incident or data breach in their organisation. Furthermore, just four in 10 Australian IT decision-makers believe the employees in their organisations understand the business impact of falling victim to a cyber attack (40 per cent), are confident their employees can identify phishing and BEC emails (42 per cent) and that their employees report all emails they believe to be suspicious (39 per cent).

Security investment

Only two-thirds (67 per cent) of Australian IT decision-makers say they plan on investing in/spending money towards cyber security in 2022. Those who plan on investing in/spending money towards cyber security in 2022:

  • Are most likely to be investing in/spending money on new cyber security software solutions (68 per cent).
  • Followed by a cyber security awareness training program with ongoing and relevant content (55 per cent).


Other areas of investment include further investment in infrastructure (44 per cent), employee policy changes related to cyber security (38 per cent), cyber security insurance (34 per cent) and simulated phishing and social engineering for end users (30 per cent).

Those who are planning on investing in/spending money towards cyber security in 2022 are more likely than those who are not to say that they are concerned about phishing (49 per cent compared to 18 per cent) and BEC (35 per cent compared to 13 per cent).

Having a clear separation between work and personal activities makes it much easier to spot when an email is a scam – if you know you never shop online using your work email address, then you know that email from Amazon cannot be real, Jayne concluded.

[Related: LastPass and PingOne launch new integrations enterprise solutions]

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.