While most people acknowledge the security risks of opening an email from an unknown sender or downloading an app from an unauthorized app store, many continue to engage in this risky behavior.
A new study from Blue Coat Systems found that 82 percent of U.S. employees knew that opening an email from an unverified source is considered “very risky;” however, 17 percent still admitted to doing so. This 17 percent could be mostly composed of people who weren't aware that this behavior put their systems at-risk, said Hugh Thompson, CTO and senior vice president, Blue Coat, in an interview with SCMagazine.com, although the survey did not relate the two questions.
Even still, Thompson suggested that those knowledgeable of the risk could be opening emails from unknown senders because, in reality, phishing emails are becoming trickier, and their perpetrators are personalizing attacks.
Thompson went on to say that everyone has a weak spot that could entice them to open an email, such as a favorite sports team, for example, and with social media making this information readily available, creating a convincing email isn't too difficult a task.
Considering that of the 250 U.S. respondents to Blue Coat's survey half of whom were at the CIO level, even IT security pros fall victim to various attacks.
“We do live in a time when anyone can be deceived,” Thompson said. “Anyone can be phished, even the most paranoid.”
Beyond opening emails from unknown senders, 72 percent of U.S. employees know using a new app without IT's permission is “wrong,” but 28 percent still will use the apps. Plus, 22 percent of U.S. employees reported downloading apps from outside Apple's App Store and Google Play.
Perhaps even more surprising, Thompson said, is that one out of 20 U.S. employees has looked at adult content on their work device. In China, one in five employees admitted to doing so.
This could just be chalked up to disregard for a device or the company's broader policies, said Thompson.
Overall, the findings suggest that employees are continuing to put enterprises at risk, which could require security professionals to rethink their security strategies.
“This is not a problem we can educate our way out of,” Thompson said. “We need to change training awareness around actions and how awareness is linked to action.”
Furthermore, he said, security solutions need to facilitate employees' work seamlessly.
The survey consisted of responses from 1,580 respondents from 11 countries.