Major UK businesses are leaving themselves vulnerable to the most common form of cyber attack – malicious email attachments – research by UK-based cyber security firm Glasswall Solutions has found.
58% of office workers among 1,000 employees surveyed at mid-to-large UK businesses revealed they usually open email attachments from unknown senders, leaving businesses open to breaches from documents carrying malicious exploits hidden inside common file-types.
Despite the widely-publicised growing threat from social engineering, where hackers create emails that look as if they have come from someone the recipient knows, 83% admitted always or usually opening attachments if they appear to be from a known contact.
>See also: Seasonal spam: the unwanted email gift that gives and takes
“Employees need to trust their emails to get on with their work, but with 94% of targeted cyber attacks now beginning with malicious code hidden in an email attachment, the security of major businesses should no longer be the responsibility of individual office-workers,” said Greg Sim, CEO, Glasswall Solutions.
“Conventional anti-virus and sandboxing solutions are no longer effective and relying on the vigilance of employees clearly leaves a business open to devastating cyber-attacks that will siphon off precious data or hold the business to ransom.”
The survey revealed the scale of cyber breaches, unveiling that 34% of the UK office workers questioned said their business had been victim of a cyber attack, with 76% acknowledging that they have received email attachments that were suspicious.
>See also: The fight against cyber crime requires innovative defence
“This research confirms anecdotal evidence that although security awareness campaigns have their place, all too often they fail to equip workers with effective strategies for protecting data and systems,” said Professor Andrew Martin at the University of Oxford. “Technology that’s fit for purpose reduces risks without placing added burdens on those simply trying to do their jobs.”
Employees clearly feel vulnerable – 58% in the survey said they would feel safer from cyber-crime if their employer had the right technology to protect them. One in five (20%) said the business they work for has no policy on how to handle email attachments, or they have not been made aware of it.
The results also show how UK office workers are faced with thousands of decisions about cyber security. More than half of those surveyed (55%) said they sent or received at least 11 documents via email every working day, meaning there are 2,585 potentially malicious files in circulation from a single employee each year.
>See also: Don’t let email attachments become your weakest link
“Instead of relying on a failed combination of outdated anti-virus defences and the vigilance of their hard-pressed employees to protect them, businesses need innovative technology that stops all the threats in email attachments before they enter a network,” said Sim.
“Zero-day attacks have massively increased and most employees will never know they have been responsible for a catastrophic breach because the malware they are responsible for admitting may be triggered weeks after they clicked on an attachment.”
“But there is no excuse for complacency or defeatism – businesses need to implement the right technology and formulate an effective risk-policy in relation to email attachments. That way they will be back in control, instead of becoming yet another expensive, high-profile victim of hacking.”
Nominations are now open for the Tech Leaders Awards 2017, the UK’s flagship celebration of the business, IT and digital leaders driving disruptive innovation and demonstrating value from the application of technology in businesses and organisations. Nominating is free and simply: just click here to enter. Good luck!