Only 37% of IT Pros Concerned About Phishing

Data breaches hit the headlines last year, but they have seemingly had little impact on how IT decision makers view the risks to their organisations.

According to new research from KnowBe4, fewer than four in ten (37 percent) Australian IT decision makers say they are concerned about phishing as a risk to their organisation, compared with almost the same number (38 percent) in 2021.

Even fewer are concerned about Business Email Compromise (BEC): 27 percent compared with 28 percent in 2021.

Alarmingly, fewer than four in ten (37 percent – 42 percent in 2021) IT decision makers say they are confident they would know the steps they would need to take following a cyber incident or data breach in their organisation.

Furthermore, just four in ten Australian IT decision makers believe the employees in their organisations understand the business impact of falling victim to a cyber attack (42 percent – 40 percent in 2021), are confident their employees can identify phishing and BEC emails (38 percent – 42 percent in 2021), and believe their employees report all emails they believe to be suspicious (38 percent – 39 percent in 2021).

Jacqueline Jayne, Security Awareness Advocate for APAC at KnowBe4, is concerned: “When those charged with keeping a business secure are unaware of the risks and employees are unable to identify scam emails and SMS messages, their organisations are at significant risk. According to the ACCC, Australians lost a record $424.8 million to scams from January to September 2022 (up a massive 90 percent over the same time the previous year). If those in charge of security are unaware of best practices, then they cannot educate and train employees.”

Employees’ behaviour putting organisations at risk

Fortunately, the recent data breaches do seem to have improved employees’ password hygiene. A quarter (26 percent) of Australian office workers admit to using the same password for more than one account, which is significantly less than in 2021 (34 percent in 2021).

However, that’s where the good news ends. Employees of all ages are engaging in risky behaviour, with more than one in ten admitting to using their work email address (13 percent) and their work phone (16 percent) for personal activities. Three in ten (30 percent) don’t believe using their work email for personal activity is a security risk to their employer.

Only just over half say they never engage with suspicious emails (56 percent – 57 percent in 2021) and suspicious SMSs (54 percent – 57 percent in 2021), with only four in ten (40 percent, the same as in 2021) saying they always report suspicious emails and SMSs to the IT team responsible for cybersecurity.

“When employees are using their work email address for personal activities such as online shopping, they are much more likely to fall victim to a phishing attack that uses a hook such as delivery delays to entice the victim to click through. Having a clear separation between work and personal activities makes it much easier to spot when an email is a scam: if you know you never shop online using your work email address, then you know that email from Amazon cannot be real,” explains Jayne.

“How employees perceive their role is a critical factor in sustaining or endangering the security of the organisation,” explains Jayne. “It is imperative that employees are educated on securing not only their professional, but personal environments. What they learn and how they incorporate into everyday behaviours and attitudes is then completely transferable into their personal lives and will protect their own data.”

Younger employees are most risky

The KnowBe4 research reveals that younger office workers may be at highest risk of cyber attacks. They are more likely than their older counterparts to:

  • Engage with suspicious emails (Gen Z 62 percent and Millennials 51 percent compared to Gen X 39 percent and Baby Boomers 21 percent)
  • Engage with suspicious SMSs (Millennials 55 percent compared to Gen X 43 percent and Baby Boomers 24 percent)
  • Say they are not confident that they could identify suspicious emails (Gen Z 61%, Millennials 45% and Gen X 46%, compared to Baby Boomers 34%).
