Senior staff in companies most likely to pose security risks

Blue Coat Systems, Inc., a market leader in enterprise security, today revealed initial results from a study into the online behaviour of 1,186 UK employees across telephone, email and social media. The results show how ill-prepared most UK organisations could be for the increasingly sophisticated cyber threats posed by Social Engineering, where personal information is gathered, often via social media, and used to deliver Advanced Threats into corporate

The online survey showed the behaviour of UK employees leaves them highly vulnerable to hacking. Overall, 54 percent of respondents said they would connect with strangers on social media and 56 percent have not set up access controls to their social media.

In recent cyber attacks, basic information has been used to reset social media passwords, which then gives criminals, hacktivists or even hostile foreign powers access to confidential, sensitive information that can damage brand reputations and compromise valuable business assets. Some groups in the sample were more security savvy on social media than others.
Key findings include:

Gender matters – UK female employees who use social media are more aware of the cyber threat. Over half, 52 percent, set up privacy settings so only certain people can see their full profiles, in contrast with just 36 percent of UK male employees. However, while UK females are more diligent about their privacy on social media sites, the survey did find they may still be vulnerable with 12 percent using pet names to generate online passwords, compared to just five percent of male employees.

All generations make mistakes – While 62 percent of 18-24 year olds take effective precautions over who accesses their social media data on mobile apps by checking the identities of strangers before connecting with them, 18-24 year olds also tend to share more work information on social media. In contrast, the survey found only 33 percent of 45 to 54 year olds, who typically hold more senior corporate roles and are therefore more likely to be targeted by cyber attacks, check requests before accepting invitations to connect.

Surprisingly, 18 percent, or nearly one in five, of UK employees say they have never had IT security training. Of the people who have been trained, just 10 percent report receiving regular training. Although social engineering cyber attacks are becoming more complex, just six percent of UK employees have received training and guidance on phishing attacks – a common tactic.

Hugh Thompson, chief technical officer and SVP at Blue Coat: “This research shows how employees can be a gateway into corporate systems. As they reveal more about themselves on social media, they become more ‘knowable’, which exposes them to higher risk of social engineering. As the seriousness and complexity of threats grows, businesses need to employ security measures, including training, that take into account the habits and behaviours of employees to better protect the enterprise. Security measures need to be seamless and tailored to enforce cyber-safe behaviour, recognizing that even the paranoid can be phished.”
