Aussie workers wilfully gamble with enterprise security: report

Some three in four Australian employees are wilfully gambling with organisational security by engaging in risky actions such as reusing passwords, according to research from Proofpoint.

The company’s State of the Phish report found that 72% of Australian working adults admit to taking actions such as reusing or sharing passwords, clicking links from unknown senders or sharing credentials with an untrustworthy source.

Nearly all (98%) of the respondents admitting to these actions stated that they did so despite knowing the inherent risks involved.

The main motivations behind taking such risky actions include convenience (55%), the desire to save time (33%) and a sense of urgency (21%), the survey found.

The results also demonstrate a disconnect between the attitudes of security professionals and general employees. While 84% of surveyed security professionals believe that most employees know they are responsible for security, 53% of employees surveyed stated that they weren’t sure or claimed that they’re not responsible at all.

Likewise, while security professionals believe that more training (84%) and tighter controls (75%) are the answer to helping employees improve their security posture, 95% of employees say they’d prioritise security if controls were simplified and more user-friendly. 

The survey found that around 71% of Australian organisations had experienced a successful ransomware infection in the past year, while 73% said they had been targeted by email fraud attempts. Of the organisations impacted by ransomware, only 51% agreed to pay their attackers, which is down from 90% a year ago.

Proofpoint’s Director of Cyber Security Strategy for APJ, Jennifer Cheng, said the findings show that cyber extortion in the form of ransomware remains one of the biggest tools used by cybercriminals.

“Despite the low success rate, many organisations still make payments which cost the Australian economy up to $2.6 billion in damages every year,” she said. “That said, it is great to see this number declining in this year’s research and as the government plans to make declarations of payments mandatory as part of their new cybersecurity strategy.”

Image credit: iStock.com/Andreus