Up to 90 percent of employees perceive cyber threats to their workplace
Polish employees’ awareness of cyber threats is high. As many as 89% are able to identify possible forms of attacks on their company, according to a survey commissioned by Sophos. Still, as many as 1 in 10 employees do not know how to react when encountering a suspicious e-mail or program. What threats do Polish employees most often mention?
What threatens companies according to employees?
Staff awareness of cyber threats is higher in Poland than in the Czech Republic or Hungary, where 80% and 73% respectively know what the risks to their company might be. The threat most often indicated by employees is leakage of corporate information or credentials (38%). Slightly fewer respondents (37%) pointed to fake e-mails and malicious links in messages sent to employees. One in three believe the threat could be colleagues' carelessness online and inadvertent downloading of malware from suspicious sites.
Only in fourth place (27%) are the actions of criminals exploiting vulnerabilities in the system. One in five think the threats could come from the actions of dissatisfied employees or from inadequately secured and outdated equipment. The least frequently indicated threat was carelessness of business partners and subcontractors (18%).
– Polish employees are far more likely to indicate threats resulting from inattentive staff or information leakage than from active cybercriminals. This is good news for companies – human error is often the weakest link in security. Criminals commonly use social engineering manipulations to “catch” unwary employees. Poles are familiar with these methods, which significantly increases the security of both themselves and the companies they work for – points out Grzegorz Nocoń, Systems Engineer at Sophos.
What do we do with a suspicious e-mail?
One in 10 Polish employees don’t know what they should do when they encounter a suspicious e-mail, event or application at work. This applies more often to employees in small and medium-sized companies (10% and 13% respectively) than to those in large ones (5%). This is more than in Hungary or the Czech Republic, where 8% of respondents pointed to the lack of knowledge of procedures.
More than half (58%) of employees would report a dangerous event. One in three (32%) would simply delete a suspicious e-mail. Employees in larger companies (72%) are significantly more likely to report to the right person than those in small and medium-sized companies (50% and 57%). Those working in small companies (40%) are much more likely to delete an e-mail themselves than those working in medium (30%) and large companies (23%).
– In large companies, staff have access to IT specialists with whom they can consult their concerns, so they are less likely to act on their own and more likely to report incidents. In smaller companies, employees themselves react to threats such as malicious emails. So there is a clear need to educate and raise awareness of SME employees, so they can spot threats and act appropriately. No less important, however, is the use of external experts to help secure the infrastructure and respond to suspicious incidents – emphasizes Grzegorz Nocoń.
Lack of knowledge of the potential cyber threats to which the company may be exposed is more common among employees of medium-sized and smaller companies, with up to 250 employees (12% and 13%), than among those of large ones (8%). The problem with responding, on the other hand, most often affects those in industrial companies – as many as 16% of them don’t know how to behave in the event of an emergency. The best performers, however, are service providers, where it is as little as 5%.
About the study