One in six employees would respond to a fake email from the executive suite and reveal sensitive company information.
This was the result of a survey by the Federal Office for Information Security (BSI) . Information about responsibilities in the company, the composition of departments, internal processes or organizational structures, which is obtained via so-called social engineering, is a valuable basis for cyber criminals to prepare targeted attacks on the company.
With the right information, cyber attackers can cause significant damage, such as CEO fraud. Emails from the executive floor are faked, in which authorized employees are instructed to make urgent transfers of large sums of money. If the attacker knows who to write to and how the processes work in the company, he can exert considerable pressure. The scam works, it's worth millions! This is also why the number of people who disclose sensitive information is far too high.”,
said BSI Vice President Dr. Gerhard Schabhüser.
Social engineering exploits human characteristics such as helpfulness and trust in order to cleverly manipulate employees.
For example, the attacker tricks the victim into disclosing confidential information, circumventing security functions, making transfers or installing malware on the private device or a computer in the company network. Raising employees' awareness of this type of fraud should therefore play an important role and be an integral part of a company's further training concept.
Awareness-raising measures are still urgently needed
More than half of the employees surveyed are actively listening to the topic of IT security in the workplace (58 percent). At the same time, almost 42 percent of those surveyed said they were not taking any action themselves.
Around 18 percent of those surveyed rely on the employer to adequately secure the company network and that they do not have to take any additional measures themselves. Another 13 percent expect the company to inform them when security measures should be taken. The remaining respondents do not inform themselves at all and do not receive any information from their employer (10 percent).
On the “ BSI for Citizens ” information portal, employees can also find many practical tips and recommendations on “ IT security in the workplace ” and on the topic of “ social engineering ”. In addition, in the second episode of the new podcast series “Into the Internet – with Security!”, two BSI experts from the Alliance for Cyber Security explain why IT security is important in the workplace and what employees themselves can contribute.
Companies themselves can become participants in the Alliance for Cyber Security and benefit BSI
Source survey: The online survey was carried out on behalf of the BSI by EARSandEYES GmbH in the survey period from June 6th to 11th, 2018 (n=666).
To the podcast with the topic “IT security in the workplace”
If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:
📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.
Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!
* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!
Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )

