Recent reports show that the number of cyber incidents reported by financial services firms to the Financial Conduct Authority (FCA) skyrocketed from 69 in 2017 to 819 in 2018. Ransomware and phishing attacks topped the list of reported cyber attacks, making the financial sector one of the most targeted industries for phishing crimes.
With the threat of phishing and spear phishing attacks only growing in severity, being aware of potentially malicious emails and impersonation scams has never been more important. However, our report – Why Do People Make Mistakes? – worryingly suggests that people in financial services are the most likely to fall for phishing scams. We found that nearly one in three financial services workers has clicked on a phishing email at work, making it the sector with the highest percentage of people falling for these attacks.
The problem is that people in financial services are under huge amounts of stress and pressure – and this often leads to mistakes online and puts cybersecurity at risk.
For example, nearly half of the people we surveyed from financial services (49%) described their current workload as either ‘overwhelming’ or ‘heavy’, while 70% said there is an expectation within their organization to respond to emails quickly.
Furthermore, an overwhelming majority (89%) said they feel stressed at work, with nearly nine in 10 admitting they make more mistakes when stressed – significantly higher than the UK average of 71%.
Stress and overwhelming workloads can, ultimately, increase vulnerability to threats, given that a person’s ability to spot anomalies in a phishing email is affected by other tasks requiring their attention at the same time. With so much going on, overworked employees will likely rely more on habitual behaviors to inform their decision making, rather than engaging in rational, analytical thinking. Tiredness also impacts our ability to question the legitimacy of messages we receive, leading to what could be a costly mistake for any business.
Mistakes are inevitable, especially when people are tired, stressed and facing a never-ending to-do list. Cybersecurity is the last thing on their minds, but it just takes one click on a malicious link or one response to a hacker’s request to compromise data and ruin a company’s reputation.
So, as cybercriminals continue to hone their skills and make spear phishing attacks more targeted and more believable, businesses need to consider how to prevent the inevitable mistakes. Consider how best to protect your people. Alert them to potential threats and provide them with the information they need – in real-time – to think before they click.