Results of a survey challenging respondents to spot fake emails used for phishing have indicated that 98 per cent of respondents (including a number of IT professionals) failed to recognise email phishing attempts.
The survey, conducted by IT services company Conosco, targeted a select group of senior individuals across a range of SME companies to gauge how well this ‘IT savvy’ group could identify increasingly sophisticated hacking attempts.
Some 70 per cent got more than half the answers right but only 6 per cent managed 100 per cent success, indicating that businesses remain exposed to risk. In fact, lack of staff awareness/training was highlighted as a significant security concern.
The ‘Real or Steal’ challenge involved participants judging a series of emails and trying to decide whether or not each email was genuine.
Out of the examples, most people (93 per cent) correctly identified a PayPal email as being fake. On the other hand, most participants were fooled by a phony LinkedIn message, with 63 per cent getting it wrong.
Phishing is an increasingly worrisome problem, particularly in the UK, as the annual Internet Security Report from Symantec (April 2016) points out.
In the report, the UK was ranked as ‘the most targeted nation for spear phishing attacks and ransomware in 2015’.
Max Mlinaric, managing director of Conosco, says, ‘When there is a security breach in blue chip companies you tend to hear of it, and can wrongly assume large companies are most commonly targeted.
‘SMEs often present easier pickings for the hackers, as IT skills, security levels, awareness and sometimes personnel training are sometimes lower than in large companies which have deeper pockets. It is crucial that SMEs ensure their IT is as secure as possible, that complacency is battled and their staff are regularly trained in resisting phishing attempts.’