
ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

ThreatList: 3 Out of 4 Employees Pose a Security Risk to Businesses

October 31, 2018 by Connor Fairman 4 Comments

The title kind of speaks for itself, but I found this statistic to be very surprising because you’d think that employees would be briefed on how to properly handle data or items that could reveal someone’s personal information. “Respondents were asked a variety of questions based on real-world scenarios, such as correctly identifying personal information, best practices for logging onto public Wi-Fi networks and spotting phishing emails. Based on the percentage of privacy- and security-aware behaviors correctly identified, survey takers were labeled one of three things: A risk (lacking in security awareness), a security novice (possessing some awareness) or a security hero (having good awareness).” I thought one thing was very fascinating; managers and upper-level employees scored worse than entry-level employees.

https://threatpost.com/threatlist-3-out-of-4-employees-pose-a-security-risk-to-businesses/138506/

Filed Under: Week 09: Malware

Comments

  1. Haitao Huang says

    October 31, 2018 at 4:48 pm

    I also find some interesting findings from the study:

    1. Employee performance was worse this year across all eight industry verticals measured. Respondents did much worse in identifying malware warning signs, knowing how to spot a phishing email and social media safety.

    2. Managers showed riskier behaviors than lower-level employees. Management performed worse than their entry- and mid-level counterparts when asked how to respond to a suspected phishing email. Only 69% of managers chose the correct answer vs. 86% of lower-level employees. And nearly one in six management-level respondents – 17% – chose to open an unexpected attachment connected to a suspected phishing email.

    3. Finance sector employees performed the worst. Of the seven vertical industry sectors examined, financial employees got the lowest scores. 85% showed some lack of cybersecurity and data privacy knowledge. And, 19% of finance workers thought opening an attachment was an appropriate response to a suspected phishing email.

    4. Too many employees could not identify phishing emails. 14% of employees could not identify a phish, a notable increase from 8% in 2017. And, 58% could not define business email compromise.

  2. Xinteng Chen says

    October 31, 2018 at 4:49 pm

    Hi Connor

    This is an interesting article for us to read. To reduce the security risks of employees, security awareness training is the most useful method. Employees should establish their awareness to protect cyber security. Organizations should create a plan for them to have a training program. If any new social engineering incidents come out, the organization should remind employees in time.

  3. Yingyan Wang says

    November 2, 2018 at 4:49 pm

    Hi Connor,

    Humans are usually the weakest part of a business. It requires continuing awareness training to face new cyber challenges. Employees should realize their positive and negative impact in the organization. How to educate and train employees is always a question for the company.

  4. Brock Donnelly says

    November 5, 2018 at 2:46 pm

    I think this is a great example as to why businesses should have an internal phishing/threat campaign backed with a training program for all the offenders. From what I have seen in my working experience, people are less fatigued as they are happy to turn a blind eye because they just don’t care or refuse to learn something new. The other sentiment is that “it just isn’t their job.” Perhaps companies should hire with cybersecurity in their job descriptions. “All new hires will need a basic understanding of cyber threats, i.e. phishing, malware and data privacy.”

