The majority (69%) of employees are aware that they are putting their organisations at risk of ransomware or malware infections, data breaches, or financial loss, according to findings from Proofpoint Inc.’s tenth annual State of the Phish report.
Moreover, the study revealed that the incidence of successful phishing attacks has slightly declined, with 68% experiencing at least one successful attack compared to 72% the previous year. However, negative consequences have soared, including reports of financial penalties (449%) and reputational damage (18%).
Human-centric threats
Key findings in Singapore revealed that 70% of employees admitted to reusing or sharing a password, clicking on suspicious links, or giving their credentials to untrustworthy sources.
Moreover, the study revealed that 7 in 10 employees still choose to take risks that might compromise their organisation’s security, despite 99% understanding the inherent risks involved in their actions. Employees cited convenience (64%), the desire to save time (41%), and a sense of urgency (28%) as the main reasons behind their risky actions.
Humans vs cybercriminals
Ryan Kalember, chief strategy officer of Proofpoint, said that malicious players take advantage of organisations’ employees, who are exploited through negligence, compromised identity, or even malicious intent.
“Individuals play a central role in an organisation’s security posture, with 74% of breaches still centering on the human element. While fostering a security culture is important, training alone is not a silver bullet. Knowing what to do and doing it are two different things. The challenge is now not just awareness, but behaviour change,” Kalember said.