HCS, a leading IT, cybersecurity, and digital transformation services company, announced the results of new research that explores office workers’ attitudes to, and experiences of, cybersecurity at work. The study found that in the past 12 months, more than half (51%) of office workers in Ireland have clicked on a link or attachment within a suspicious email sent to their work email address.
The research of 503 office workers based in Ireland was carried out by Censuswide on behalf of HCS, with the support of Fortinet, global leader driving the evolution of cybersecurity and the convergence of networking and security. It found that 50% of those who admitted to clicking on a link and/or attachment in a suspicious email also claimed to be confident that they can identify phishing emails when they receive them.
Of those who opened a suspicious link or attachment, 61% reported it to the proper authority in their workplace immediately, while 34% reported it within the same day, but not immediately.
As employees can often be the first point of attack for cyber criminals targeting businesses, those surveyed were asked how they determine whether a communication received on a work-related device is legitimate. The survey found that 65% check whether it has come from a caller or sender that they recognise, 53% check whether the caller or sender is asking for private or sensitive information, and half look for grammar or spelling errors. A quarter (25%) contact the caller or sender via another form of communication to confirm their identity.
As the cyber threat landscape continues to evolve, 67% of those surveyed say they are aware of their company having a plan or protocol in the event of a successful cyberattack. Despite this, just 41% of office workers said their employer has provided formal cybersecurity awareness training in the past year. Of those who haven’t received any cybersecurity training in this timeframe, 79% said that their previous training is not sufficient to keep pace with modern cyber threats.
When asked what they perceive to be the biggest cyber threats to their business in 2024, Irish-based office workers named human error (49%), malware (49%) and social engineering such as phishing (43%). Some 42% say phishing attempts are becoming more convincing.
Dan Hegarty, Head of Sales, HCS, said: “This research serves to highlight some of the real-world cybersecurity risks facing businesses. Employees are often the weakest link in an organisation’s chain of cyber defences, so it’s concerning to see that a large number of the employees who were deceived by a suspicious email also believe that they are alert to cybersecurity threats.
“Evidently, the training that employees are receiving – if any – may not be enough. The survey underscores the need for regular cybersecurity awareness training within organisations. The reality is that – particularly now, given the speed of advancement in AI – what could have sufficed 12 months ago may now be outdated. Complacency in this area could prove to be the biggest threat to businesses.
“Our research also shows that it’s not enough to just have a strategy in place in the event of a cyberattack. Any strategy needs to be tried and tested across the business and continually updated as cyberattacks continue to become more advanced. At HCS, we see first-hand the daily challenges posed to customers by cyber criminals attempting to exploit vulnerabilities. We ensure that security is at the core of everything that we do for our customers, minimising risk and enabling better business performance.”
Paul Donegan, Country Manager Ireland, Fortinet: “These findings underscore the need for continuous improvement within organisations. In a cyber landscape that’s becoming ever more complex, businesses must make cybersecurity a key priority and they must equip their employees with the tools to do the same. That’s why through the Fortinet Training Institute we are committed to supporting companies of all sizes to keep pace with evolving cybersecurity trends and skill sets with appropriate cybersecurity training and courses for every person in the organisation.
“It’s also important that employees understand the importance of putting their hands up if they make an error of judgment or are misled by a fraudulent email or call. It’s crucial to get out in front of a potential breach, and employees need to realise that time is of the essence and report an incident as soon as it happens. It’s up to organisations to promote this from the top down and instill a sense of cybersecurity ownership and responsibility across the business.”