Brits are coming out on top and demonstrating far better awareness of cyber risks compared with their US counterparts, in a new piece of research that looks at cyber practices amongst office workers on both sides of the Atlantic. A new global study by SailPoint, the leader in enterprise identity security, has found that out of those receiving a suspicious-looking work email or text, only 4% of UK employees would open the attachment and click on the link, compared with nearly 1 in 5 US workers (19%). Over half (53%) of Brits would delete it, compared with just over a third (36%) in the US.
The research comes as hackers ramp up attempts to infiltrate organisations through targeted attacks on employees, with methods like phishing on the rise. However, for the US, this is taking place more frequently. Over two-fifths (44%) say they’ve been made aware of targeted phishing schemes over the last year, and that these have increased from years previous – just over a fifth (23%) of UK respondents said the same thing.
This is no coincidence, as US office workers are demonstrating far riskier internet behaviour than their UK counterparts.
The research found:
Over a third of US staff (36%) admit to always using their corporate email for personal use, more than double that of Brits (16%).
Almost two-fifths (37%) of American employees use their corporate email address for social media logins compared with only 1 in 10 Brits.
Nearly a third (29%) of US staff use it for online shopping, compared with just 14% of Brits.
Employees are unknowingly creating visibility gaps and opening doorways into corporate infrastructure, with social media logins especially easy to spoof for spear-phishing attacks.
The picture doesn’t look any better for the US when compared to the rest of the world. The survey, which also looked at Australia, France, Germany and Japan, found that German staff are second most likely to use their corporate email for personal use with a quarter of workers (25%), while Australian staff are the most sensible when it comes to protecting the enterprise’s security perimeter – only 13% use their corporate email for personal endeavours.
Playing catch up
Ironically, the US has received more training on phishing over the last year compared to any other country (65% compared with 52% for Germany, 50% for UK and Australia, 47% Japan and 27% for France). There’s still a long way to go for all countries when it comes to supporting employees in cyber security best practice: nearly a third (31%) of US workers still haven’t received crucial training, but this is lower than the UK (46%), Germany (44%), Australia (46%), Japan (48%) and France (67%).
Steve Bradford, Senior Vice President EMEA at SailPoint said: “Brits are being more sensible when it comes to dealing with phishing emails, and keeping distance between personal and professional logins. But the US is playing a game of catch up and organisations are right to be doing more targeted security training to support employees, so that they can recognise a phishing email and act appropriately.
“Brits are showing great prowess in recognising suspicious messages, but this becomes more difficult as hackers continue to find increasingly sophisticated ways to trick employees and gain entry into enterprises. More cyber security training is paramount for employees to feel they are being supported and protected as much as possible.”