Today's business world is highly digital, requiring companies to use online resources more often than ever before if they want to remain efficient and competitive with rival organizations. While using next-generation web tools can enhance employee productivity, failing to implement the proper security tools can ultimately jeopardize an enterprise's sensitive information.
This is especially true in regard to email, which lets virtually anyone send and receive messages. A new study by PhishMe revealed the dangers of improperly using email, as approximately 69 percent of survey respondents said they regularly encounter spear phishing messages, despite having anti-spam software.
Spear phishing is an online attack in which malicious individuals send a user a seemingly innocuous message that carries a hidden malicious purpose. These attacks are becoming increasingly frequent today, as more enterprises embrace BYOD (bring your own device) programs that let individuals use personal electronics to access corporate resources.
"Many enterprises believe that because they are using spam filtering tools or other email security technologies, they are safe from phishing attacks," PhishMe product management and services vice president Scott Greaux said. "What we found in our survey is that despite such filters, end users are presented with live, malicious attacks in their inboxes nearly every day."
Cyber landscape is becoming more malevolent
The survey, which polled 250 security professionals during the recent Black Hat conference in Las Vegas, revealed that approximately 27 percent of respondents said at least one of their senior-level executives has been compromised by a spear phishing attack within the last 12 months. An additional 31 percent said they were unsure if their data security capabilities had been jeopardized.
Despite the awareness of these web threats, roughly 49 percent of respondents said employees are trained on securing sensitive solutions only once a year. About 9 percent said they have no data protection training programs at all.
"This survey demonstrates with great clarity that phishing attacks – particularly targeted attacks – are getting through to end users with alarming regularity, yet most organizations don't train their users on what the most current attacks look like or how to react to them," PhishMe CTO and co-founder Aaron Higbee said.
This was echoed in another survey by Guidance Software, which revealed that approximately 64 percent of U.K. employees do not receive any training material relating to how they can enhance data loss prevention by avoiding malware and other malicious resources. Another 23 percent of survey respondents said they didn't think the protection of confidential records in their office was a problem, IDG News Service reported.
"A large proportion of workers clearly believe they play an important role in protecting against malware attacks and keeping data secure and half understand the risks associated with devices," Guidance Software's Frank Coggrave said, according to IDG News Service. "But the majority are not being adequately trained."
Higbee asserted that enterprises need to be more assertive and proactive in their data security practices if they want to keep sensitive solutions and information secure. Decision-makers need to ensure they implement a regular and realistic training regimen for employees, as taking a passive stance will only put a company more at risk.
The need to keep sensitive solutions out of harm's way is becoming even more important as mobile solutions and cloud computing evolve, since these technologies allow individuals to access mission-critical resources from virtually anywhere in the world. By educating employees on how to safely access confidential records, businesses may be able to keep sensitive information safe, despite the ever-growing presence of web threats.
Data Security News from SimplySecurity.com by Trend Micro