Who has Really Bad Cyber Hygiene and Why
Did you know your biggest cyber security risk is your employees? Yes, it’s true. Humans are prone to mistakes and the bad guys know it. Older, less tech-savvy workers typically get singled out as ones with bad cyber hygiene, however there is a higher risk group.
Employees under 40.
Who’s to blame for this? It might just be you.
New research from the cybersecurity company, Ivanti, has uncovered hidden cyber security threats – your tech-savvy younger employees. These folks may be your biggest vulnerability. But why?
Let’s take a deep dive into the details.
More than 6,500 employees across the globe were surveyed, with an almost equal representation of demographics. The results were rather alarming.
The study found that younger office workers, those 40 or under, are more likely to disregard standard password safety guidelines. Can you believe that 34% admitted to using their birth dates as passwords, compared to just 19% of those over 40?
OK Boomer.
The habit of using the same password across multiple devices was also more prevalent among younger workers, with 38% admitting to doing this. 28% of the older demographic admitted to this behavior.
The younger survey takers also seem to under report phishing scams. A whopping 23% of the younger demographic didn’t report the last phishing attempt they received. Their reasoning? “I didn’t think it was important”. Just 12% of the older demographic failed to report phishing scams.
But surely, they understand the gravity of security threats against businesses, right? Well, not quite.
While ransomware and phishing were acknowledged as critical threats by 23% and 22% of employees respectively, the overall attitude towards cyber security leaves much to be desired. Responses under 50% to this question should scare business leaders. Ransomware and phishing are grave threats to businesses of all sizes. Upper-level management needs to be very concerned.
However, that doesn’t seem to be the case. A shocking number of respondents said their organizations did NOT provide any mandatory cyber security training.
From the US (30%) to the UK (17%), Netherlands (32%), Japan (35%), India (31%), Germany (22%), France (43%), Australia (29%) and China at an incredible (65%) – the numbers speak for themselves. How are employees supposed to know what to look out for, if they’ve never been taught to know what to look for?
Who’s Really Responsible for Cyber Hygiene?
Does this mean we should blame our young workforce when it’s clear that businesses aren’t doing enough to equip ALL their employees with the necessary cyber hygiene skills?
It’s high time we stopped treating cyber hygiene as an afterthought and started investing in regular cyber awareness training for everyone in our businesses. Yes, EVERYONE. Not just the tech team or the executives, but every single employee.
Since Covid, the C-suites and executives have had increased concern regarding cyber security. There have been increases in budgets to harden infrastructure and security teams. However, the #1 attack vector used by ransomware/phishing groups is social engineering.
Social engineering is a tactic used by bad guys to fool an employee into giving them the keys to the kingdom. Many times, the bad guys impersonate executives “who are stressed and, in a rush,” and claim that it’s vital they get access to something or to send a bank wire to a special account.
Business leaders must realize that employees are on the front line of defense against threat actors. Employees are as important to cyber security, as a firewall and spam filtration services. Cyber hygiene needs to be a daily part of all our lives.
At the end of the day, it’s not just about protecting your business; it’s about creating a safer digital world for us all..
We can help you do that. Get in touch