Blue Coat Systems, Inc., recently acquired by Symantec, the global leader in cyber-security, today revealed the results of an online study carried out by YouGov among 3,130 workers in various industries across Great Britain, France and Germany. The survey suggests that organisations are still being exposed to increasingly sophisticated cyber-threats posed by social engineering, where personal and work information is gathered, often via social media, and used to deliver advanced threats into networks.
Despite the increased use of social media applications, both inside and outside of the office, this survey reveals how workers are still failing to fully protect themselves from complex social engineering techniques like phishing, a form of fraud where hackers, posing as legitimate organisations or individuals, trick users into clicking on or downloading malware in order to obtain sensitive information such as login credentials or passwords.
User behaviours have not improved since 2015 and, in some cases, have grown worse. While some areas indicate an improved sense of social media savviness, other areas supply modern-day hackers with opportunities to exploit. Key findings amongst those who use social media include:
Bad habits continue
· In 2016, 42 percent of respondents report only accepting requests from people they know, suggesting a willingness to connect with strangers, down slightly from 2015 (43 percent).
· Privacy access and settings remain an issue, with only 40 percent of 2016 respondents still having set privacy settings allowing only certain people to view their profiles, the same as in 2015.
· When connecting with people, 41 percent of 2016 respondents always check identities before connecting, indicating a small uptick in caution when compared with 2015 which came in at 38 percent.
All generations pose a security risk
· Workers between the ages of 18-24 were less likely to set up privacy settings in 2016 (49 percent) than 2015 (60 percent). They are also less likely in 2016 to check the identities of people before connecting with them (53 percent), compared to in 2015 (57 percent). However, even after this decline, millennials were still markedly more discerning in both of these areas than other age groups.
· Workers within the 45-54-year-old bracket have improved in 2016, as 37 percent always check the identities of people before connecting, compared to 32 percent from 2015. Of those 55 and over in 2016, 40 percent check identities before connecting, up from 30 percent in 2015. Despite these improvements, the data shows that workers over 45 as a group tend to be considerably less vigilant than their counterparts.
· In 2016, millennials (workers aged 18 to 24) exhibited the worst password behaviour, with 14 percent using the same password for every application, almost double that of the whole working population (8 percent overall).
· Only just over one-third of all respondents use a different password for each social media and messaging application (36 percent).
German workers most likely to use encrypted applications
· Only 12 percent of respondents prefer to exclusively use applications that encrypt data by default, such as WhatsApp and Facebook Messenger.
· German workers are more likely to only use encrypted applications (21 percent) than both GB (10 percent) and French (5 percent) respondents.
Much to learn for all job sectors, including IT
· Financial professionals suggest the highest likelihood to connect with strangers, with 37 percent who only accept requests to connect from people they know, followed by HR (40 percent), Health (41 percent).
· When it comes to using different passwords across all applications, surprisingly IT professionals (39 percent) fare no better than their less-informed colleagues, trailing HR professionals (43 percent) and only slightly better than Health (36 percent), Sales (35 percent), and Financial (32 percent) professionals.
· IT professionals are the savviest when it comes to preferring only to use encrypted applications (16 percent), while Health professionals are the least likely to use them (10 percent).
· IT professionals are the most likely to check the identities of people before connecting (51 percent), compared to HR (45 percent), Health (43 percent), and Financials professionals (34 percent).
· Only 33 percent of HR professionals have set up privacy settings on their profiles, compared to 47 percent of IT and 45 percent of Health professionals, the two best-performing job functions.
Robert Arandjelovic, director of Blue Coat product marketing in EMEA for Symantec said: “This research highlights the risks organisations are exposed to due to the behaviour of their employees on social media and messaging applications. Social engineering remains a common tactic for threat actors to gain access to business networks, in part due to many employees leaving security holes through poor social media practices. This makes it easier to have an account compromised, and for attackers to move laterally to more sensitive business applications that contain critical data.
Social engineers hack people, not computers, so it’s important to ensure humans aren’t the weakest link in cyber security. Encouraging employees to protect themselves online, with simple steps such as strong passwords for each application and privacy setting, will help navigate through the complexity of modern day threats.”