UK businesses are under constant cybersecurity threats, and they’re not coping too well, new research has found.
A report from Sophos says that roughly every other business has been compromised by phishing attacks in the last two years.
At the same time, more than half spotted their employees replying to shady emails and opening links in them. All of this – despite the fact that these businesses are conducting phishing awareness training and similar workshops.
The report is based on a poll of more than 900 European IT directors, and it says that businesses in France and the Netherlands are faring similarly to the UK. Ireland, on the other hand, is doing better, with just 25 per cent of respondents saying they fell victim to phishing in the last two years.
The report also says that the larger the business, the bigger the threat. Just 25 per cent of companies with 250 people or fewer were compromised by phishing attacks.
“Criminals are adept at using social engineering to exploit human weakness, so while well-trained employees are an excellent deterrent, even the best end user can slip up,” said Adam Bradley, UK managing director at Sophos.
“Organisations need to ensure employees remain vigilant to the threat posed by phishing attacks and ongoing training should be part of that to spot check employees and ensure they respond correctly and continue to follow the guidelines they’ve been given.”
“By training and conditioning employees to recognise and report suspicious emails, organisations have a much better chance of stopping active attacks in progress instead of relying on technology alone to do so,” commented Mollie MacDougall, threat intelligence manager at Cofense.
“As shown here, many UK organisations have implemented cyber awareness training initiatives already, however these should be actively engaging and consistent, rather than just a compliance tick-box exercise.”