KnowBe4, the world’s largest security awareness training and simulated phishing platform, recently released a phishing-by-industry benchmarking report that shows how important it is to train employees about this common cyberthreat. The study performed more than 20 million simulated phishing security tests. The purpose: to discover how likely employees are to fall for a phishing attack or social engineering tactics. The upshot: Untrained employees are a major danger to businesses regardless of industry.
What Is Phishing?
Phishing is a type of cybercrime that attempts to gather information by tricking the target. Targets are typically sent authentic-looking messages asking for sensitive data such as login credentials or account numbers. This type of cyberattack poses a real risk, not only for individuals, but for businesses as well.
Breaking Down the Report
The initial baseline of the study was administered to organizations who had yet to have their employees go through any sort of security awareness training programs. After testing nearly 9 million users across 18,000 organizations, KnowBe4 analyzed the data to measure the average phish-prone percentage (the likelihood of a user to click on a suspicious message) by industry. What they discovered was a high level of susceptibility in these employees.
The results of the study revealed the average Phish-prone percentage of these employees was 29.6 percent across all industries. That’s 2.6 percent higher than a year ago. This means regardless of what industry you’re in or how big your organization is, the problem of social engineering is always present. The research also showed drastic declines in susceptibility after only 90 days of “new school” cybersecurity awareness training.
Common Information Security Mistakes
Often, many organizations tend to approach cybersecurity with the mindset of improving their security software. That’s fine—improving your security software and keeping it up-to-date is always a good idea. However, you can’t forget about the human factor. Building up your human layer of defense will greatly enhance your security efforts.
The Importance of Cybersecurity Education
As phishing attacks become increasingly sophisticated, the likelihood of exposure to cyberattacks continues to go up. Even if your business increases its investment in security software, it won’t mean much if an employee unknowingly invites a virus onto your network. This report is a stark reminder that untrained employees are a company’s greatest risk.
Improve Your Cybersecurity Awareness
Your network is only as safe as the protection around it. This includes security software, vulnerability testing, and training. At SSE, our team of experts provides a variety of cybersecurity services to enhance your network’s protection, including employee education. We use KnowBe4’s unique training methods to build your employees’ awareness of cyberthreats. If you’d like to learn more about our services, give us a call today!