Phishing attacks have escalated sharply in recent years. What was once a nuisance has become a mainstream—and increasingly dangerous—problem. In addition to an increase in the frequency of attacks, phishing methods have become far more sophisticated. From staff members to executives in the C-Suite, employees have been duped into providing log-in data and other credentials that put an organization at risk. Wombat Security's second annual "Beyond the Phish" report offers some perspective on this issue. "Spear-phishing, business email compromise (BEC), and email-based ransomware are keeping response and remediation teams on their toes," the report notes. "But these are far from the only ways attackers can gain a foothold within an organization or compromise sensitive data and systems." The key to thwarting attacks and minimizing risk? Employee education and training. Wombat examined 70 million responses to its CyberStrength Knowledge Assessments from June 2016 to May 2017. Here are some of the key findings from the research, as well as the firm's 2017 "User Risk Report."
Organizations Struggle to Curtail Phishing Attacks
Phishing has become a mainstream—and increasingly dangerous—problem. In addition to more frequent attacks, phishing methods have become far more sophisticated.
The percentage of organizations that answered security questions in 10 categories incorrectly dropped from 22% to 20% over the past year. On average, they answered more than 75% of questions correctly across most categories.
Confidentiality Is Critical
Respondents fared worse at understanding how to protect confidential information: 26% answered questions about the topic incorrectly, compared to 27% the previous year.
Dealing With Data Destruction
25% incorrectly answered questions about securely protecting and disposing of data, down from 30% the previous year.
24% of the respondents could not correctly answer questions about identifying phishing threats, down from 28% the previous year.
Passing Grade on Passwords
88% of respondents understood how to generate safe and effective passwords, but that's down from 90% last year.
Industries That Struggle the Most
The worst-performing industries for answering cyber-security and phishing questions correctly include healthcare, transportation and retail. All answered 24% of the questions incorrectly.
Industries That Struggle the Least
The top-performing industries for knowledge about cyber-security were telecom, government and technology. All answered 20% of the questions incorrectly.
Mobile = Risk
71% of the respondents said they regularly use corporate mobile devices outside the office, 54% post to social media with those devices, and 43% allow friends or family members to view or post to social media on those devices.