Blue Coat Systems, Inc., a market leader in enterprise security, today revealed initial results from a study into the online behaviour of 1,186 UK employees across telephone, email and social media. The results show how ill-prepared most UK organisations could be for the increasingly sophisticated cyber threats posed by Social Engineering, where personal information is gathered, often via social media, and used to deliver Advanced Threats into corporate
The online survey showed the behaviour of UK employees leaves them highly vulnerable to hacking. Overall, 54 percent of respondents said they would connect with strangers on social media and 56 percent have not set up access controls to their social media.
In recent cyber attacks, basic information has been used to reset social media passwords, which then gives criminals, hacktivists or even hostile foreign powers access to confidential, sensitive information that can damage brand reputations and compromise valuable business assets. Some groups in the sample were more security savvy on social media than others.
Key findings include:
Gender matters – UK female employees who use social media are more aware of the cyber threat. Over half, 52 percent, set up privacy settings so only certain people can see their full profiles, in contrast with just 36 percent of UK male employees. However, while UK females are more diligent about their privacy on social media sites, the survey did find they may still be vulnerable, with 12 percent using pet names to generate online passwords, compared to just five percent of male employees.
All generations make mistakes – While 62 percent of 18 to 24 year olds take effective precautions over who accesses their social media data on mobile apps by checking the identities of strangers before connecting with them, 18 to 24 year olds also tend to share more work information on social media. In contrast, the survey found only 33 percent of 45 to 54 year olds, who typically hold more senior corporate roles and are therefore more likely to be targeted by cyber attacks, check requests before accepting invitations to connect.
Surprisingly, 18 percent, or nearly one in five, of UK employees say they have never had IT security training. Of the people who have been trained, just 10 percent report receiving regular training. Although social engineering cyber attacks are becoming more complex, just six percent of UK employees have received training and guidance on phishing attacks – a common tactic.
Hugh Thompson, chief technical officer and SVP at Blue Coat: “This research shows how employees can be a gateway into corporate systems. As they reveal more about themselves on social media, they become more ‘knowable’, which exposes them to higher risk of social engineering. As the seriousness and complexity of threats grows, businesses need to employ security measures, including training, that take into account the habits and behaviours of employees to better protect the enterprise. Security measures need to be seamless and tailored to enforce cyber-safe behaviour, recognizing that even the paranoid can be phished.”