New research from ELMO Software has revealed that 48% of Australian and New Zealand workers feel their workplaces are ill-equipped to deal with an imminent cyber attack threat. The research was based on a recent survey conducted with over 1000 Australian workers providing feedback on the state of cybersecurity in their workplaces.
The research also showed that 43% of Australia and New Zealand (ANZ) workers admit they fear falling victim to a scam or a phishing attempt via their work devices. Additionally, almost one-third (30%) of the participants confessed to not knowing how to protect themselves against a phishing strike at the work environment.
Particularly at risk are small to mid-sized businesses – only 33% of employees in companies with less than 200 staff claim their organisations provide necessary staff training, compared to 64% of employees in organisations with 200 or more workers. Employee training, among other preventive methods, is crucial to equipping employees with knowledge and tools to defend against cyber threats.
The study indicates a growing workers' concern about their personal information being compromised as part of a cyberattack on their workplaces, with nearly half of the participants expressing worry over such a scenario.
ELMO Software CEO, Joseph Lyons comments, "It’s alarming to see that almost a third of the workforce in Australia and New Zealand don’t feel equipped to stop themselves from being duped by a hacker at work." Lyons further suggests that companies need to consider whether they have the right technology and measures in place to safeguard their data and shield it against possible access by unauthorised third parties.
Interestingly, the study showed that 23% of participants admit to using non-approved software, apps or devices at work – a burgeoning practice known as 'shadow IT'. Carmen Nunez, ELMO's Senior Information Security Manager, warned of the risk associated with this trend. Employees might get tempted to sign up for free trials and upload valuable company information without considering potential risks, leading to possible malware and ransomware attacks, and other cyber threats.
Nunez emphasises the importance of having an approach that covers people, processes and tools in mitigating these risks. These could include supplier security, employee education, and the right tools to detect and disable unauthorised applications.
The data suggests that mid-sized businesses are less likely to implement preventative action compared to larger organisations. Lyons warns, " Mid-sized business leaders might think they're less of a target compared to bigger, well-known organisations. But falling into that trap could be leaving them exposed."
Overall, the study indicates that cybersecurity is no longer the sole responsibility of IT departments given the surge in attacks that target human vulnerability. Collaboration among HR leaders and their IT and Finance counterparts is crucial to develop continuous training, especially in the light of securing company data held on employees.