Employees still find it difficult to spot phishing emails, with nearly three-quarters of companies seeing their staff fall into the trap during security awareness tests.
Coalfire tested 525 companies on security awareness through various tests. It was found that 71% of companies failed their phishing tests, recording an increase of 8% from last year's 63%.
More than half of employees revealed their passwords.
Weak passwords, unsafe internal processes such as file access restrictions and lack of staff training, and old software were the three most common security gaps discovered during the tests.
"Many businesses are taking steps to upgrade their security infrastructure, especially when most systems are moved to the cloud, but they still do not face any of the key problems," said Andrew Barratt, UK Coalfire CEO.
Overall, fewer high-risk weaknesses were identified at businesses in last year's penetration tests, possibly as a result of the transition to cloud computing, which reduces the need to secure and maintain the infrastructure that is allowed. Penetration tests also detected incorrect cloud security settings.
Many hold the misconception that being in the cloud automatically means accepting greater risk, but that is the case only if there are incorrect settings.