With Training, Phishing Attacks Dwindle

Wednesday, January 24, 2018 @ 01:01 PM gHale

Manufacturing and energy/utilities are two of the top six industries that have the highest percentage of phish-prone employees, a new survey found.

Drawn from a data set of more than six million users across nearly 11,000 organizations, the study conducted by KnowBe4 benchmarks real-world phishing results.

RELATED STORIES
HASP System Software Vulnerabilities
Complexity Grows in IoT Attacks
Surveillance Malware Hits Utilities, Manufacturers
Lack of Security Talent a Top Fear: Report

Results show a radical drop of careless clicking to just 13 percent 90 days after initial training and simulated phishing and a steeper drop to two percent after 12 months of combined phishing and computer based training (CBT).

Researchers anonymously tracked users by company size and industry at three points:
1. A baseline phishing security test
2. Results after 90 days of combined CBT and simulated phishing
3. The results after one year of combined CBT and phishing.

“Ninety-eight percent of cyber-attacks rely on social engineering and email phishing is the bad guys’ preferred method,” said Stu Sjouwerman, chief executive at KnowBe4. “Attackers go for the low-hanging fruit: Humans. Humans are the de-facto No. 1 choice for cybercriminals seeking to gain access into an organization. New-school security awareness training which includes frequent simulated social engineering testing is a proven method to dramatically slash an organization’s Phish-prone percentage.”

Top ten industries affected by phishing

A key point shown in the survey is one of the biggest issues affecting organizations is still that of the human element.

An end user could have security systems along with a multi-layered approach, but if the message does not come in loud and clear from the chief executive or the board, it will have little chance of succeeding.

Much like safety, a company that develops a strong security culture and understands that keeping systems up and running not only protects the operation, it acts as a business enabler to help manufacturers become more productive and, therefore, more profitable.

“Effectively managing this problem requires commitment and C-level buy-in, but it can be done and isn’t difficult,” Sjouwerman said.



Leave a Reply

You must be logged in to post a comment.