Fewer employees are reporting security incidents

Here's what employers can do to help rectify the dangerous situation

Fewer employees are reporting security incidents

Employees reporting cybersecurity incidents to IT are getting fewer, according to a new report, which also reveals the causes and impact of phishing and other email blunders in the workplace.

The new report from email company Tessian revealed that one in four or 21% of employees did not report mistakes related to security incidents to IT, higher than the 16% in 2020.

It comes as 26% of the report's respondents said they fell for a phishing email at work in the last 12 months, said the report, with the number of employees falling victim to such attacks increasing by one per cent in the last 12 months.

About 52% of the employees who fell for phishing email said that they became victim to after their attacker impersonated a senior executive at the company. Good news is the click-through rates on phishing emails because threat actors impersonated well-known brands dropped.

Aside from phishing, the report also found that employees were susceptible to smishing, a phishing attack over SMS. One-third of the report's respondents said they were deceived by such in the last 12 months, with older people more susceptible to them.

Impact of phishing attacks

Phishing attacks and email blunders that compromise data offer nothing but negative effects for the company.

About 29% of the report's respondents said that their organisation lost a client or customer after an email was sent to the wrong person, while 35% said that they had to report such incidents to their clients, which results to trust breaking.

These cases could explain why some organisations are taking a harsher stance on such blunders from staff. According to the study, 21% of the respondents lost their jobs because of a mistake, much higher than the 12% reported in July 2020.

Read more: Beware! Phishing scam uses voice calls to 'trick' workers

What can employers do?

Jeff Hancock, a professor at Stanford University, attributed employees' recent susceptibility for phishing attacks to the changers brought about by the pandemic.

"With the shift to hybrid work, people are contending with more distractions, frequent changes to working environments, and the very real issue of Zoom fatigue - something they didn’t face two years ago," Hancock said in a statement.

According to the professor, people's cognitive loads become overwhelmed due to distraction and fatigue, and this could lead to mistakes.

"Businesses need to understand how factors like stress can impact people’s cybersecurity behaviours and take steps to support employees so that they can work productively and securely," he advised.

Josh Yavor, chief information security officer of Tessian, also advised organisations to make their IT security teams visible in the "human layer" of the company so they can understand the causes and make up solutions to prevent such mistakes that lead to serious security incidents.

"This requires earning the trust of employees; and bullying employees into compliance won't work. Security leaders need to create a culture that builds trust and confidence among employees and improves security behaviours, by providing people with the support and information they need to make safe decisions at work," Yavor said.

Recent articles & video

Manitoba government reinstates 1:1 apprenticeship ratio

Two-thirds of Canadian organizations expecting cybersecurity incident

Training leaders to address chronic pain issues

Employee relocation to another province

Most Read Articles

Province introducing paid sick leave as of Oct. 1

Lecturer fired for misogynistic paper published in his name

Ottawa limiting employers’ access to Temporary Foreign Worker Program