Cybersecurity training urged as phishing threat to firms revealed

Datapac research finds one in five workers gets no IT security and awareness training

Phishing is a tactic where scammers trick users into revealing confidential information by sending emails that appear to be genuine.
Phishing is a tactic where scammers trick users into revealing confidential information by sending emails that appear to be genuine.

Up to 185,000 Irish office workers have been victims of a phishing scam, a new survey has claimed.

About 14 per cent of workers said they had been caught out, with millennials more likely to fall for the scams at 17 per cent, and baby boomers following at 7 per cent. Only 6 per cent of Gen Xers were caught by the fraud.

This was despite the fact that millennials were most confident of spotting the scam, with only 14 per cent saying they would not be certain of detecting any fraud. That compared with 17 per cent of those aged 42-53, and 26 per cent of baby boomers, typically aged 54 and over.

Phishing is a tactic where scammers trick users into revealing confidential information by sending emails that appear to be genuine. Passwords, financial information and other sensitive data could be revealed during the attack, which puts businesses at risk both in terms of their reputation and potential General Data Protection Regulation breaches.

READ SOME MORE

The survey was conducted by Censuswide for technology solutions and services provider Datapac in conjunction with security firm Sophos, questioning 500 office workers around Ireland.

Millennials as victims

Training may be a major part of it, with one in five workers saying they had never received IT security and awareness training.

Some 44 per cent of workers aged in the 54-plus age group said they had clicked on a link or attachment from an unrecognised sender, compared with 34 per cent of millennials and 26 per cent of Gen Xers. That trend is more worrying when teamed with the findings that 36 per cent of respondents in the older age group said they had been targeted by such an attack.

“Despite millennials’ confidence in their ability to spot an email scam, they were in fact found to have been victims most often. This confidence may stem from complacency and emphasises the need for employers to provide cybersecurity training and ongoing refresher training to ensure all staff remain alert,” said Karen O’Connor, general manager of Datapac.

‘Cross-department buy-in’

“Phishing is not just a problem for the IT department to solve, but is an organisational issue requiring cross-department buy-in. Operational and HR teams play a crucial role in creating a culture of awareness. Under GDPR, organisations are obligated to put in place adequate safeguards for customer data, making this a key business concern. User-awareness training should be provided on an ongoing basis in the same way as other vital employee training such as health and safety.”

Sophos's country manager Dermot Hayden said the security firm had seen a "pronounced increase" in instances of attempted spear phishing attacks, specifically targeting senior workers who had access to highly valuable financial and organisational information.

“If hackers can gain access to a company’s funds through this method, the financial loss could be disastrous, particularly for SMEs. It is crucial senior employees remain vigilant against these tactics,” he said.

Ciara O'Brien

Ciara O'Brien

Ciara O'Brien is an Irish Times business and technology journalist