Awareness of phishing and ransomware attacks is considerably low, despite media reports of their increase.
A survey by Wombat Security of 2000 adults (1000 in the USA and 1000 in the UK) found that only 42% of UK respondents knew what ransomware was and only 17% could identify a phishing attack. Also, 37% of UK respondents believed that anti-virus software could stop a cyber-attack.
The survey also found that 27% of UK respondents believe a trusted location, such as a hotel or international airport, indicates a trusted Wi-Fi network, and 30% do not know what phishing is, with 10% unable to provide a guess.
Colin McTrusty, Director of EMEA at Wombat Security, told Infosecurity that he suspected that the number of those aware of ransomware had risen significantly after the WannaCry story, and that the research was completed 24 hours before the initial infections were reported.
“WannaCry has really boosted what we do, as a human being is the last line of defense and if we don’t recognize malware and do click on a button, you can have all of the best technology in the world but by and large it’s down to people how attacks get through,” he said.
Although phishing has been around for years, McTrusty said that gone are the days when bad spelling and mistypes were common, but what it does is help people recognize a phishing attack, look at a web address and have a ‘phish alarm button’, making people much more aware of their own security.
Asked if the classic phishing emails help awareness, McTrusty said: “It’s not new, but it’s much more prevalent and it’s always going to be around and there will be more targeted attacks such as spear phishing or whaling.”
Amy Baker, VP of Marketing at Wombat, added: “With this particular survey, we wanted to investigate the habits of the general population both at work and at home. What we found was a combination of perplexing and alarming, but also a unique look into the existing vulnerabilities of today’s workforce.
“We often find that those of us who work in cyber security overestimate the knowledge the general public has on cyber security risks and basic secure behaviors. This could be giving security professionals false confidence and may be the reason why just fewer than half of organizations have a security awareness training program for their employees.”