Nearly half (43%) of UK and US employees have made errors leading to cybersecurity repercussions, according to a new study from Tessian. The analysis, undertaken in April during the height of the COVID-19 pandemic, suggests that the disruption and additional stress and distractions of remote working are making organizations more vulnerable to cyber-attacks facilitated by human error.
In the survey of 1000 workers in the UK and 1000 workers in the US, a quarter admitted to clicking on a link in a phishing email whilst at work. This most commonly occurred in the technology sector (47%).
Additionally, 20% of companies revealed they have lost customers due to sending an email to the wrong person. This was a mistake 58% of employees admitted to making and a further 10% said they had lost their job as a result.
Distraction was the biggest cause for these kinds of mistakes, according to the report. Nearly half (47%) highlighted being distracted as the main reason for falling for a phishing scam while 41% said this was the biggest factor in sending an email to the wrong person.
Other major reasons for clicking on phishing links were fatigue (44%) the perceived legitimacy of the email (43%) and because the emails purportedly came from a senior executive (41%) or well known brand (41%).
Over half of workers (52%) added that they make more mistakes at work when stressed, 43% when tired and 41% when distracted. Notably, 57% of workers stated they are more distracted when working from home.
With home working set to become much more common following the health crisis, the report suggests businesses need to focus on providing more extensive user awareness training.
Tim Sadler, CEO and co-founder of Tessian, commented: “To prevent simple mistakes from turning into serious security incidents, businesses must prioritize cybersecurity at the human layer. This requires understanding individual employees’ behaviors and using that insight to tailor training and policies to make safe cybersecurity practices truly resonate for each person.”
News Source: https://www.infosecurity-magazine.com/