Ironic as it may sound, this pandemic has not only seen the proliferation of viruses of the biological kind, but also those of the digital one.
According to KPMG, criminal groups are increasingly switching to COVID-19 themed lures for phishing to exploit consumers’ and employees’ concerns over the pandemic and the safety of their loved ones.
Throw in the fact that many are now forced to work from home away from the watchful eyes of IT teams and security systems, and you’ve got a recipe for disaster. After all, KPMG states that there’s evidence that remote working increases the risk of a successful ransomware attack significantly.
Now, new data by email security and cyber resilience company Mimecast has found that these concerns are as valid in the UAE as they are elsewhere, given the alarming user behavior they discovered.
Mimecast conducted a global survey of more than 1,000 respondents working at companies with more than 100 employees and using a company-issued mobile device, laptop or computer for work, asking them about their use of work devices for personal activities and how aware they are of today’s cyber risks. The results highlighted the need for better awareness training, as people are clicking on links or opening suspicious emails despite having been trained, which in today’s remote working environment is a grave issue.
87% of UAE respondents extensively use their company-issued device for personal matters
Mimecast’s research found that in the UAE, 87% of respondents extensively use their company-issued device for personal matters, with two-thirds (66%) admitting to an increase in frequency since starting to work remote. The most common activities were checking personal email (57%), carrying out financial transactions (59%) and video calls with friends and family (50%).
In the UAE, 92% of men reported using their corporate device for personal business versus 75% of women.
According to the company’s State of Email Security 2020 report, personal email and browsing the web/shopping online were already two areas of major concern for IT professionals. In the Middle East, 66% of respondents said there was a risk to checking personal email as the cause of a serious security mistake, and 65% thought surfing the web or online shopping could likely cause an incident.
Encouragingly, all of the respondents in the UAE (100%) claim to be aware that links in email, on social media sites and on websites can potentially infect their devices. Eighty-one percent have even received special cybersecurity awareness training related to working from home during the pandemic. However, this doesn’t always translate into putting this knowledge into practice. Despite the majority of respondents, including those in the UAE, stating that they’ve had special awareness training, 61% still opened emails they considered to be suspicious. Meanwhile, 50% of the respondents admitted to not reporting suspicious emails to their IT or security teams.
Younger employees are a source of concern for companiesMimecast noted that despite being the most tech savvy generation, younger workers may be putting organizations at greater risk. Surprisingly, 50% of the 16-24 age group in the UAE admitted to opening emails even though they looked suspicious. This group is also more guilty of blurring the lines between their business and personal usage of these devices. Everyone in the 16-24 age group (100%) reported using their issued devices for personal use, while only 50% of the older – 45-54 group admitted the same.
“This research shows that while there is a lot of awareness training offered, most of training content and frequency is completely ineffective at winning the hearts and minds of employees to reduce today’s cyber security risks,” said Josh Douglas, Vice President of Threat Intelligence at Mimecast. “Better training is crucial to avoid putting any organization at risk. Employees need to be engaged, and trainings need to be short, visual, relevant and include humor to make the message resonate.”