SailPoint Technologies, a leader in identity security, today announced the results of its “Trust Issues” study. The survey was conducted to help companies better detect and prevent IT security gaps. Based on employee behavior, it examined how confidently employees navigate their company's IT environment and where the biggest security gaps lie. The study highlights the discrepancy between employees' self-assessment and how they actually handle business information, their company email accounts and phishing attacks in everyday life.
How aware are employees of cyber attacks on their company?
One notable result of the study concerns employees' awareness of cyber attacks on their own company's IT infrastructure. A clear majority of 73% of respondents said that they had received fraudulent emails in the last year. In addition, more than half of the respondents (53%) are aware that their company has been the target of phishing campaigns, of whom a clear majority of 30% have noticed a sharp increase in the number of attacks.
How confident are employees in dealing with malicious emails?
As with their awareness of cyber attacks on the company, respondents also rate their own handling of malicious emails highly. For example, 83% of respondents stated that they were very confident or at least confident in being able to recognize a phishing email. This is in line with the number of cyber security training courses that more than half of the respondents (52%) have already received from their company. As a consequence, the vast majority handle phishing emails in an exemplary way: 48% said they delete suspicious emails immediately, and another 24% said they immediately forward them to their IT department. Nevertheless, 16% of respondents would respond to phishing emails or even open their attachments.
How easily can employees be deceived?
Even though the study paints a broadly positive picture of awareness and of the handling of malicious emails, some results show where security gaps and problem areas remain despite training and education. In particular, the shift towards a hybrid way of working, which began during the Covid-19 pandemic, poses great challenges to IT departments, especially in terms of security. The use of company email for private purposes shows the extent to which the boundaries between leisure and everyday work are dissolving. More than half of the participants in the study stated that they use their business email address outside of work, for example for social media logins, newsletter subscriptions or online shopping. This behavior is confirmed by the 46% of respondents who use their company mail more often for private purposes and the 25% who even use it privately every day. In addition, there is the handling of business information on social media. Almost two thirds of the respondents stated that they had published information about their employer, position and contact details there.
Volker Sommer, Area VP ROOF at SailPoint
“The fact that German employees continue to use their business email accounts for private purposes is a big problem, as it significantly increases the attack surface for cybercriminals,” says Volker Sommer, Area VP ROOF at SailPoint. “In order for Hybrid Work to be successful in the long term, awareness needs to be improved here. Only if employees are well prepared for the dangers associated with the still highly tense threat situation can companies be sure that digitization will not become a stumbling block in terms of IT security.”
The study was conducted with the market analysis service provider Dynata and surveyed 500 people who work in companies with over 2,500 employees.