Barracuda Research Shows 60% of Australian Employees Believe Links In Business Emails Are Safe And 22% Install Unauthorised Software On Work Devices

New report reveals high-risk employee behaviours making Australian organisations more vulnerable to cyberattacks

Barracuda, a trusted partner and leading provider of cloud-first security solutions, today released a new research report, The State of Cyber Resilience in Australia 2022, which shows how employee security behaviours and hybrid working are making Australian businesses more vulnerable to cyberattacks.

The findings reveal that 60% of employees assume links in emails are safe to click on if the message came through the corporate email system, and 22% download and install unapproved software onto devices used for work. Just over half (51%) of employees surveyed had been directly impacted by a cyberattack in the last 12 months.

The study surveyed 504 Australian IT decision-makers and non-IT workers in organisations of at least 50 employees. Key findings include:

Organisations are intensely vulnerable to email-borne threats

  • 52% of mobile users will click on a link if it comes from a “sender” that they trust.
  • 60% of respondents assume a link in an email is safe to click on if the email has come through the corporate IT system.
  • 20% of those who clicked on a malicious link only discovered this when their machine was infected with malware or ransomware.
  • 37% of respondents have not had training in key areas of cybersecurity awareness such as email security, malware, or ransomware, and 14% have had no training at all.

Security takes a backseat to flexibility and productivity – with senior management left most at risk

  • 44% of respondents say that security systems prevent them from working efficiently.
  • 33% admit to bending the rules to get a job done. This includes using a non-approved browser (31%), running traffic through a private VPN (29%), and using unauthorised third-party software (22%).
  • Senior managers are the most likely to bend the rules, with 52% saying they use unauthorised third-party software or cloud services to complete their work.

“Flexibility and agility have become key business mantras, but our research suggests that in increasingly hybrid work environments, some organisations and employees may be flexing too far and bending cybersecurity rules ‘to get a job done’,” said Mark Lukie, Sales Engineering Director, Barracuda APAC. “We also uncovered a lack of awareness regarding cybersecurity that could be leaving organisations exposed. Australian organisations need to urgently review their hybrid and work-from-home environments, commit to the adoption of best security practices like the Australian Cyber Security Centre’s Essential Eight[i] framework, and provide cybersecurity hygiene refresher training to staff, in order to protect against today’s evolving email threats, application vulnerabilities and the ever-present risk of data breaches.”

Mark Lukie, APAC Sales Engineer Manager, Barracuda

The research also found that there is limited use of multi-factor authentication (MFA) among Australian businesses. 40% of the respondents said they do not have MFA in place but rely on password management to protect credentials, while 74% of them said that remembering new complex passwords is a challenge.

The research was undertaken by StollzNow Research for Barracuda to get Australian organisations’ perspectives on the security challenges of remote work arrangements and other issues related to security culture and training in the workplace.