Organizations that don’t educate their employees on the dangers of phishing are putting themselves at risk, a report from security training platform KnowBe4 claims.
The company recently tested employees to see how likely they were to fall for a phishing scam and found that almost a third (31.4 percent) failed to identify such an attack.
Phishing is a type of cyberattack in which a malicious actor delivers an email to the victim containing either a dangerous attachment or a web link. In the case of the latter, the link usually leads to a spoofed website where the victim is asked to provide sensitive data, such as credentials and payment details.
KnowBe4 argues that the best way to prevent phishing is to educate employees on the dangers of clicking on links and downloading attachments from unverified sources.
Following a three-month training period, the company’s tests showed a 50 percent decline in the number of potential phishing victims, while a year of regular training can bring the number down to 4.8 percent.
“In critical industries like Energy & Utilities and Healthcare & Pharmaceuticals where lives can be severely impacted, we found particularly high levels of cybersecurity risk as a result of simulated phishing test failures,” said Stu Sjouwerman, CEO at KnowBe4.
“This is deeply concerning. Organizations should monitor their risks due to the majority of data breaches originating from social engineering. This data shows us that implementing security awareness training with simulated phishing testing will help to better protect organizations against cyber attacks.”