Unisys’ latest Security Index found that while 60 per cent of Australians saw themselves as responsible for keeping their data secure, many were unable to spot potential threats to their personal information.
Fifty-five per cent were unaware that scammers might use SMS messages to trick them into handing over personal or financial information, with 39 per cent unaware of the risks that could come with clicking on a link in a text message, email or social app.
SIM jacking proved to be another major blind spot for Aussies, with 79 per cent unaware of the threat.
What’s more, even if they were scammed, a sizable 73 per cent were unsure of where they should report that incident.
Perhaps most troubling, 48 per cent said that they were not as careful on their phone as they are on their laptop when it comes to sharing their personal and financial information.
According to Unisys industry director of cybersecurity Gergana Winzer, the digital threatscape is quickly adapting to post-pandemic realities.
“With the need to be able to prove vaccination status to access many services and venues, and the proposed introduction of a vaccine passport to travel overseas, scammers are already tailoring very sophisticated attacks that mimic government agencies and other organisations we trust,” she said.
Ms Winzer said that many of these scammers try to trick consumers into clicking on a link or downloading an app, which can then launch malicious code or hijack personal details for nefarious ends.
“There’s a lot of focus on public and employee education campaigns to raise awareness of scams in order to avoid them. But education is only part of the solution – it must be repeated and continually updated to ensure people are aware of new, sophisticated threats,” she said.
While 43 per cent admitted that they had downloaded software, apps or programs onto their work machine without the approval of their organisation’s IT department, Ms Winzer encouraged businesses to look at this figure as an opportunity.
“Security and employee experience are fundamentally integrated: employees who download unauthorised software risk creating unsecured links to devices and systems,” she said.
Ms Winzer also encouraged organisations to take a closer look at what unauthorised apps are installed and ask why. She recommended organisations measure the adoption of approved tools to work out how to negate the temptation or need for individuals to install unauthorised software.
“Is it really a gap in tools required to perform a job? Or is it because employees aren’t aware of the functionality already available, or are they simply reluctant to change from what they are familiar with?”
Ms Winzer conceded that humans will still make bad decisions but argued that businesses should take that into account when planning around cyber risk.
“Organisations also need a holistic approach to security that also includes processes, policies and technologies to make it extra hard for people to do the wrong thing.”