THE BLUE COAT SOCIAL MEDIA SECURITY REPORT 2016
Research reveals the opportunities EU employees are presenting to cyber-attackers on social media and messaging applications
LONDON, UK, September 15, 2016 – Blue Coat Systems, Inc., recently acquired by Symantec, the global leader in cyber-security, today revealed the results of an online study carried out by YouGov among 3,130 workers in various industries across Great Britain, France and Germany. The survey suggests that organisations are still being exposed to increasingly sophisticated cyber-threats posed by social engineering, where personal and work information is gathered, often via social media, and used to deliver advanced threats into networks.
Despite the increased use of social media applications, both inside and outside of the office, this survey reveals how workers are still failing to fully protect themselves from complex social engineering techniques like phishing, a form of fraud where hackers, posing as legitimate organisations or individuals, trick users into clicking on or downloading malware in order to obtain sensitive information such as login credentials or passwords.
User behaviours have not improved since 2015 and, in some cases, have grown worse. While some areas indicate an improved sense of social media savviness, other areas supply modern-day hackers with opportunities to exploit. Key findings amongst those who use social media include:
Bad habits continue
• In 2016, 42 percent of respondents report only accepting requests from people they know, suggesting a willingness to connect with strangers, down slightly from 2015 (43 percent).
• Privacy access and settings remain an issue, with only 40 percent of 2016 respondents still having set privacy settings allowing only certain people to view their profiles, the same as in 2015.
• When connecting with people, 41 percent of 2016 respondents always check identities before connecting, indicating a small uptick in caution when compared with 2015 which came in at 38 percent.
All generations pose a security risk
• Workers between the ages of 18-24 were less likely to set up privacy settings in 2016 (49 percent) than 2015 (60 percent). They are also less likely in 2016 to check the identities of people before connecting with them (53 percent), compared to in 2015 (57 percent). However, even after this decline, millennials were still markedly more discerning in both of these areas than other age groups.
• Workers within the 45-54-year-old bracket have improved in 2016, as 37 percent always check the identities of people before connecting, compared to 32 percent from 2015. Of those 55 and over in 2016, 40 percent check identities before connecting, up from 30 percent in 2015. Despite these improvements, the data shows that workers over 45 as a group tend to be considerably less vigilant than their counterparts.
• In 2016, millennials (workers aged 18 to 24) exhibited the worst password behaviour, with 14 percent using the same password for every application, almost double that of the whole working population (8 percent overall).
• Only just over one-third of all respondents use a different password for each social media and messaging application (36 percent).
German workers most likely to use encrypted applications
• Only 12 percent of respondents prefer to exclusively use applications that encrypt data by default, such as WhatsApp and Facebook Messenger.
• German workers are more likely to only use encrypted applications (21 percent) than both GB (10 percent) and French (5 percent) respondents.
Much to learn for all job sectors, including IT
• Financial professionals suggest the highest likelihood to connect with strangers, with 37 percent who only accept requests to connect from people they know, followed by HR (40 percent), Health (41 percent).
• When it comes to using different passwords across all applications, surprisingly IT professionals (39 percent) fare no better than their less-informed colleagues, trailing HR professionals (43 percent) and only slightly better than Health (36 percent), Sales (35 percent), and Financial (32 percent) professionals.
• IT professionals are the savviest when it comes to preferring only to use encrypted applications (16 percent), while Health professionals are the least likely to use them (10 percent).
• IT professionals are the most likely to check the identities of people before connecting (51 percent), compared to HR (45 percent), Health (43 percent), and Financials professionals (34 percent).
• Only 33 percent of HR professionals have set up privacy settings on their profiles, compared to 47 percent of IT and 45 percent of Health professionals, the two best-performing job functions.
Robert Arandjelovic, director of Blue Coat product marketing in EMEA for Symantec” said: “This research highlights the risks organisations are exposed to due to the behaviour of their employees on social media and messaging applications. Social engineering remains a common tactic for threat actors to gain access to business networks, in part due to many employees leaving security holes through poor social media practices. This makes it easier to have an account compromised, and for attackers to move laterally to more sensitive business applications that contain critical data.
Social engineers hack people, not computers, so it’s important to ensure humans aren’t the weakest link in cyber security. Encouraging employees to protect themselves online, with simple steps such as strong passwords for each application and privacy setting, will help navigate through the complexity of modern day threats.”
[ENDS]
N.B All figures, unless otherwise stated, are from YouGov Plc. Total sample size for 2016 was 6,044 adults, 3,130 of whom were workers, and fieldwork was undertaken between 6th-12th May 2016. Total sample size for 2015 was 4,265, 2,852 of whom were workers, and fieldwork was undertaken between 18th -25th May 2015. The surveys were carried out online. The figures for each survey have been weighted and are representative of all adults (aged 18+) in each respective country (GB, France, and Germany).
Survey statistics at a Confidence Level of 95 percent is +/- 2 percent accurate for the sample working population. For more information and statistics from the report please contact bluecoat@positivemarketing.com or call 0203 637 0640.
About Symantec
Symantec Corporation (NASDAQ: SYMC) is the global leader in cyber security. Operating one of the world’s largest cyber intelligence networks, we see more threats, and protect more customers from the next generation of attacks. We help companies, governments and individuals secure their most important data wherever it lives. More information is available at www.symantec.com or by connecting with Symantec at: go.symantec.com/socialmedia.
###
NOTE TO U.S. EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.
Symantec and the Symantec logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
FORWARD-LOOKING STATEMENTS: Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.
###