Phishing finding

by Mark Rowe

Most employees (87 per cent) who opened a phishing simulation email did so on the day it was sent. That means organisations have little time to catch a targeted attack aimed at multiple employees, an anti-phishing email product company suggests.

PhishMe Inc released a report based on data gathered from eight million phishing simulation emails sent to 3.5 million enterprise employees. It provides analytics showing how susceptible enterprise employees are to falling victim to phishing attacks, the most common cyberattack vector in use, the US firm says. The report also suggests training can condition employees over time to spot and report phishing and to help defend their organisations against it.

The findings included:

– 67 per cent of those who responded to a phishing email are repeat offenders and are likely to respond to another phishing attempt.
– Business communication themed emails were most effective at phishing; those with the subject lines “File From Scanner” (36 per cent) and “Unauthorised Activity/Access” (34 per cent) had the highest penetration rates.

Through training, the firm suggests, employees can be turned into security assets that can serve as a layer of intelligence and defence against attacks. Behavioural conditioning decreased susceptible employees’ likelihood of responding to a malicious email by 97 per cent after just four simulations.

Rohyt Belani, CEO and co-founder, PhishMe, said: “Analytics resulting from the report reveal three very pertinent conclusions — that enterprises remain vulnerable to phishing-driven compromises, they need to place more reliance on employees to help them defend their organisations, and consistent training turns employees into informants that can spot attacks before they turn into catastrophes.”

About the study

The University of Cambridge and the London School of Economics and Political Science contributed to the report with analysis of data samples collected from more than 400 PhishMe customers, which had conducted over 4,000 training simulations, during a period of 13 months. To view the full findings, visit http://phishme.com/enterprise-phishing-susceptibility-report/.

© 2024 Professional Security Magazine. All rights reserved.