
Report: Most ANZ IT and security leaders have fallen for a phishing attack

A new report from Arctic Wolf reveals what the company calls the “hubris” of technology leaders in Australia and New Zealand.

David Hollingworth
Thu, 17 Oct 2024

Cyber security firm Arctic Wolf has just published its 2024 Human Risk Behaviour Report, and it does not paint a rosy picture when it comes to the security practices of technology and security leaders in the ANZ region.

Sapio Research – which did the actual polling on Arctic Wolf’s behalf – spoke to over 1,500 senior security and IT decision-makers from 16 countries, including 100 end users and 100 decision-makers in New Zealand and Australia.

Based on the results, leaders in the region are alarmingly overconfident. Despite 84 per cent of those polled saying they were confident their organisation would not fall victim to a phishing attack, 70 per cent had, in fact, clicked on phishing links themselves.

It gets even worse, with 42 per cent disabling security measures on their personal devices and 67 per cent admitting to reusing passwords.

It also turns out that while many businesses – 67 per cent – have AI policies in place, only 25 per cent of end users are even aware the policies exist, pointing to a problem in education.

But perhaps more alarmingly, 30 per cent of IT leaders have seen an employee terminated after falling victim to a scam, a statistic that points to a culture of “don’t ask, don’t tell” when it comes to reporting cyber incidents. Unsurprisingly, 45 per cent of end users admitted to being afraid that reporting an incident would lead to their termination.

“It’s imperative that employees feel comfortable reporting incidents so they can be confident the issue is addressed without recrimination or dire consequences such as being fired, and the learnings built into future security practices,” Mark Thomas, director of security services – ANZ at Arctic Wolf, told Cyber Daily.

“Setting a good example for cultivating a positive cyber awareness culture is a collaborative exercise – it starts with the top, so IT leaders need to be empowered to address the current climate of scam response with measured and effective approaches.

“One positive benefit from Australia’s ‘no-fault’ reporting mandate is the potential to see organisations empowered to transition from a culture of concealment and victim-blaming to that of transparency. This approach should be adopted from leadership within the workplace to improve cyber preparedness and business resilience throughout the organisation.”

Speaking on the importance of educating staff in good cyber security practices, Thomas said Arctic Wolf’s report highlights “the importance of internal vigilance and robust cyber and data security measures across all levels of the enterprise, including entry-level employees”.

“However, the fact that even IT leaders are falling prey to phishing scams means that there is a real call to action to lead by example and enshrine strong cyber best practices in their organisation,” Thomas said.

“This starts with regular engagement through information sessions, making education fun and inspiring rather than a checkbox compliance exercise, and empowering teams with security awareness training.”

You can read the full 2024 Human Risk Behaviour Report here.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
