Employees' susceptibility to online scammers is endangering their companies, according to a new study from global security software firm Avecto.
The study [registration required], "Know your threats: Social engineering," queried around 1,000 people who use the internet each day as part of their daily job function and found that 65 percent would be cautious about clicking on a link in an email sent to them by an unknown sender. However, a similar percentage, 68 percent, would have no qualms about downloading content or clicking on a link if the email appeared to come from a colleague, supplier or friend.
The finding, the researchers attest, illustrates a security risk easily exploited by attackers who prey on the fact that personnel are too often easily enticed into providing confidential information that could open doors for the attackers to enter the company network.
The study also highlighted that many employees show little awareness of the security risks of using social media. More than a third of respondents (37 percent) said they take no action to check or verify the identity of people they are connecting with online.
"Social engineering and phishing isn't a new phenomenon, it's tried, tested and incredibly lucrative," Andrew Avanessian, vice president at Avecto, said in a statement. "What is surprising however is the ingenuity with which hackers will try and deceive their victims, finding new and ever more sophisticated ways of getting hold of personal information."
User education is nowhere near where it should be and that, ultimately, is fatally undermining enterprise security, Avanessian added. "It's often said that humans are the weakest link in the security chain and organizations must act now to plug this knowledge gap."