Five practical cybersecurity tips for working remotely safely
Proofpoint, a cybersecurity and compliance company, has released its seventh annual State of the Phish report, which analyzes organizations’ experiences with phishing and looks in depth at user awareness, vulnerability and resilience against these threats. In summary, over 75% of security professionals say their companies recorded widespread phishing attacks – both successful and unsuccessful – throughout 2020, while ransomware infections reached 66% of participants in this global study.
Based on information gathered from 600 new information security professionals from Germany, Australia, Spain, the USA, France, Japan and the UK, Proofpoint also presents data on the situation of some 3,500 employees in these countries. The report also analyzes the results of more than 60 million simulated phishing attacks sent over a year to active professionals by Proofpoint client companies, as well as the characteristics of the approximately 15 million emails reported by users through PhishAlarm.
“Cybercriminals all over the world are attacking people through agile, relevant and sophisticated communications, keeping email as the primary attack vector,” said Fernando Anaya, Country Manager at Proofpoint. “It is essential for organizations to ensure that their users know how to detect and report any attempted cyberattack, especially employees who work remotely from less secure environments. Although some companies already offer this safety training to their staff, the data from this survey shows us that most companies are not doing enough.”
The State of the Phish report highlights the need for a people-centered approach to cybersecurity protection, as well as user awareness to deal with the changing circumstances that organizations have experienced over the past year due to the pandemic. On this last point in particular, the Proofpoint study highlights a lack of personalized training for users on threats. For example, 87% of Spanish companies required or requested in 2020 that a large part of their workforce work remotely, but only 36% have trained these users to work remotely safely.
“These data on teleworking in Spain are certainly revealing,” says Anaya. “Most of the security professionals interviewed in Spain support a remote working model for at least half of their organization’s workforce, and yet just over a third of these employees have received specific related cybersecurity training. We have also found that Spanish workers use their work devices to respond to personal emails, search for offers and purchase products, among other practices, which can generate certain risks, so it is necessary to strengthen training actions adapted to employees working remotely to make them aware of current threats.”
In addition to practical cybersecurity tips, the Proofpoint report provides detailed analysis of the phishing landscape to help businesses reduce their exposure to these attacks. Here are some of the main global findings from the Proofpoint study:
In 2020, more businesses were victims of successful phishing attacks than in 2019 (57% vs. 55%, respectively). Business email compromise (BEC) also remains a major concern.
Of the two-thirds of respondents whose organizations were infected with ransomware in the last year, more than half chose to pay the ransom in the hope of quickly regaining access to their data. 60% of those who paid were able to recover their data and/or systems after the first payment. On the other hand, around 40% received new ransom demands, which represents an increase of 320% compared to 2019. In total, 32% agreed to pay these additional demands, an increase of 1500% over the previous year.
80% of organizations surveyed indicated that cybersecurity training reduced their risk of being a victim of phishing. Even so, while 98% of the security professionals participating in the study say their organization has awareness programs in this area, only 64% formally offer user training sessions as part of these cybersecurity initiatives.
On average, 11% of Proofpoint client companies failed phishing simulations, slightly below the 12% recorded in 2019. At the same time, the resistance factor was 1.2, indicating that employees in these organizations are more likely to report suspicious emails than to interact with them.
The manufacturing industry faced the highest volume of actual phishing attacks on average in 2020, according to Proofpoint Threat Research. Organizations in this industry were also among the most active in testing their users’ behavior in the face of simulated threats, typically reporting an 11% incidence.
By department, the purchasing teams obtained the best results with an average impact of 7%. On the other hand, maintenance and installation professionals came last with 15% and 17% respectively.
Proofpoint has also collected specific data for Spain, which shows how cybersecurity practices and behaviors vary between the different regions:
87% of Spanish companies required or needed a large part of their workforce to adopt teleworking in 2020, but only 36% offered training to their users on best practices for working remotely safely.
Regarding ransomware, 66% of information security professionals surveyed in Spain said their organization suffered such an infection in 2020. However, 41% of Spanish organizations refused to pay a ransom after the incident. This makes them the least predisposed to negotiate with attackers, ahead of companies in Australia (38%), Japan (36%), France (35%), Germany and the UK (both with 31%), all of them a long way from the United States (10%).
22% of employees in Spain believe their organization will automatically block malicious emails. On the other hand, 64% know that there are attachments that may contain malware, while 60% are aware that they should be wary of any unsolicited email message.
When it comes to cybersecurity training content, phishing simulations are less common in Spanish organizations (11%) compared to the global average (29%), with organizations focusing on educating employees on best practices mainly through face-to-face or computer sessions (44%).
35% of respondents in Spain say their organization penalizes employees who are regularly victims of phishing attacks, whether they are simulated or real. These consequences for “repeat” victims occur to a lesser extent than in the rest of the countries participating in the study, where the world average is 55%. Some of the sanctions that Spanish organizations apply to their biggest offenders include counseling sessions by security teams (60%), various disciplinary measures such as receiving a written warning from the human resources department (51%) or withdrawal of system access authorizations (43%). For 80% of those surveyed, the implementation of this consequence model leads to an improvement in employee awareness of cybersecurity.
Proofpoint encourages organizations to proactively develop people-centered cybersecurity strategies that consider not only the experiences shared across regions, sectors or work departments, but also the unique threats that may impact them and their goals.