Cisco report says Brits lack email security awareness

By Ron Condon, UK bureau chief 11 Feb 2008 | SearchSecurity.co.uk

Security UK News Digg This!     StumbleUpon     Del.icio.us

British workers are the most likely to open dodgy-looking emails than any other developed nation except the Chinese, according to new research by Cisco on the habits of corporate workers.

While only 25% of US workers, 23% of French workers and 28% of Japanese admitted opening suspicious emails, the figure in the UK rose to 45%. Only the Chinese, at 54%, showed a higher level of curiosity.

But although the Brits like to see the message text, they are better disciplined when it comes to opening unsafe attachments or going to websites of dubious origin. Only 3% admitted doing so – far fewer than most other countries. In Japan, 14% opened attachments, followed by India (11%), China (8%), Germany (6%) and Australia (5%). Only 2% of US workers admitted opening attachments or suspicious URLs.

We are blurring the lines between personal and corporate assets Patrick Gray Security Strategist, Cisco

The Cisco research marks the second year the company has surveyed attitudes in 10 industrial countries, questioning 100 IT decision-makers and 100 remote workers (end-users) in each country.

The survey also found an increase in workers using their work computers for personal use, such as shopping. In the UK, 43% of respondents said their company had no objection to them doing so.

It seems also that the lines between work and home computers are blurring, with a greater proportion of remote workers using personal devices to access work files, and work devices to access personal files than they did in 2006. That trend seems to be strongest in China and the US.

"What we are seeing here is some risky behaviour," said Patrick Gray, a security strategist with Cisco, and a former member of the FBI and National Security Agency in the US. "We have more remote workers, and we are blurring the lines between personal and corporate assets. And with Web 2.0, everyone has hopped on the bandwagon of socialising with people around the world."

He said a lot of people at work feel comfortable because they believe their PCs are locked down tightly. "But with the threat vectors changing we need to take a look at how to tackle them," he said.

He said that from his own research, he saw hackers from around the world starting to use stealth tactics to get into networks and steal intellectual property. "Why pay millions in research and development when you can steal the information? We are not worrying enough about the risk to our corporate assets, and that is what really frightens me,"" said Gray.

He added that poor security procedures were allowing hackers to penetrate networks. "Once inside, they escalate their privileges to become basically an unpaid systems administrator. Then they grab the corporate data and piecemeal it out very slowly, so that we don't even know that they've been there." He also predicted that the upcoming Beijing Olympics would provide a fertile time for fraudsters trying to launch phishing attacks and lure users into lowering their guard.

Jim Mulheron, business development director at The Security Company, a consultancy, said that users would always be a weak link in security. "Technology and procedures can only do so much. You need to impose a cultural and behavioural change in the organisation so that people understand the implications as to their own vulnerabilities."

He said people had to be made aware of the potential repercussions of any mistake or a "moment's lack of thought". And for compliance purposes, he said, organisations also need to be able to show they provide users with adequate training and information, so that they can prove good practice in the event of a security breach.

Tags: Email and Instant Messaging Security,  Endpoint and NAC Protection,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Email and Instant Messaging Security Bloxx provides means of filtering personal emails Fake CV spam campaign marks return on malicious email attachments Antispam technologies remain typical, but hosted model gains footing Report: Spam attacks targeting high-profile enterprise roles Websense integrated security system aims to simplify security management Preventing phishing attacks: Enterprise best practices Chinese hacker attacks target Google Gmail accounts, top tech firms PDF attack code complicates security analysis, skirts detection Understand role-based access control in Microsoft Exchange 2010 Yahoo login credentials at risk to hijacking attack Endpoint and NAC Protection Microsoft issues temporary fix for Windows Shell zero-day Attackers target Windows Shell zero-day via USB sticks Perimeter defenses deemed ineffective against modern security threats Market snapshot: PC virtual desktops on a USB Alternatives to buying full-on network access control (NAC) systems Apple iPad security debated as U.K. launch approaches Microsoft to issue two critical bulletins, SharePoint to remain vulnerable Logical and physical security integrated by U.K. startup Panel debates 'buy vs. build' mobile device security policy management Data encryption methods: Securing emerging endpoints

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Centre for the Protection of National Infrastructure  (SearchSecurityUK.com) Computer Misuse Act 1990  (SearchSecurityUK.com) Regulation of Investigatory Powers Act  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary