Nearly half of IT decision makers say employees have 'fallen for the phish'


May 22 2005


Websense, maker of employee Internet management solutions, has announced the results of its Phishing Trends study, which is part of the company's annual Web@Work survey conducted by Harris Interactive. The survey suggests that phishing Web sites remain difficult to identify and that many companies are not well protected against phishing attacks.

According to Websense's 2005 Phishing Trends Survey, only one-third (33 per cent) of employees polled said that they have heard of phishing. Similarly, four per cent of employees surveyed admitted that they had "fallen for a phish" and clicked through a link to a phishing Web site at work. Conversely, 82 per cent of IT decision-makers surveyed stated that their employees have received phishing attacks via e-mail or Instant Messaging (IM). In addition, 45 per cent of IT decision-makers surveyed who have had employees receive a phishing attack said that their employees did click through the URL in the phishing attack.

So what accounts for the discrepancy between the employee and decision-maker perspectives? Websense suggests that employees might have a difficult time deciphering whether a Web site accessed via a link in an e-mail or instant message is legitimate or "spoofed" -- a fraudulent Web site that appears to be authentic. Not surprisingly, half (50 per cent) of the IT decision-makers surveyed do not believe that employees can accurately identify phishing sites.

"Phishers are becoming more sophisticated in their deception techniques to lure employees to spoofed Web sites, as most employees cannot determine which is a valid site and which is a fake," said Dan Hubbard, senior director of security and technology research, and head of Websense Security Labs, at Websense, Inc. "However, employees don't have to 'fall for the phish' and actually enter confidential information on a phishing Web site to be compromised. By simply clicking on a phishing URL, the site can install spyware, such as a malicious keylogger, on the employee's computer which has the ability to capture data such as network passwords or social security numbers without their knowledge."

Phishing is a relatively new phenomenon, but it is already viewed as an important security problem for IT decision-makers -- 32 per cent of IT decision-makers polled report that phishing attacks have caused security problems for their organizations in the past year. In addition, the majority of IT decision-makers surveyed do not feel their company is well protected from Internet security threats, such as phishing attacks. Forty-three per cent feel their company is only somewhat protected, and 14 per cent feel their company is not very, or not at all, protected.

"Although the Websense survey shows that only four percent of employees admit to clicking on phishing URLs, this is actually a high number in the security community," says Brian Burke, research manager for security products at IDC. "It only takes one employee to click on a phishing site and accidentally give out confidential corporate data, customer records, network passwords, or trade secrets, to jeopardize an entire organization's intellectual property."

To mitigate Web-based threats such as phishing attacks, 60 per cent of IT decision-makers surveyed reported they block executable programs (attachments) transmitted through e-mail. However, only 14 per cent said they block HTML within e-mails. Also, 47 per cent of IT decision-makers surveyed said they block executables transmitted through IM, but only 24 per cent indicated they block HTML within IM.

From Feb. 21 to 28, 2005, 354 U.S. IT decision-makers who work for organizations with at least 100 employees were interviewed online, and from Feb. 28 to March 21, 2005, 500 U.S. employees who have Internet access at work and who work for organizations with at least 100 employees were surveyed over the telephone on phishing and IT security in the workplace.


 

Reproduced from an article published by eChannelLine USA
© eChannelLine USA

The original article can be viewed here:
http://www.integratedmar.com/ecl-usa/story.cfm?item=19540
