According to a new report from security awareness training company Wombat Security, people are starting to get the message on phishing.
When asked, 'What is phishing?', 65 percent of those surveyed in the US answered correctly. Ransomware remains a bit of a mystery for many, however, 52 percent were not even able to hazard a guess in response to 'what is ransomware?'
There's also a cultural difference between US and UK in how much employees blur the lines between work and home. In the US, 49 percent of those surveyed reported checking their work email on their personal phone compared to 29 percent in the UK. Plus 50 percent of the respondents in the US admitted to checking personal email on their work computers compared to 31 percent in the UK.
Among other findings there's a 64 percent increase in organizations measuring end user risk from 2015 to 2016. However, 76 percent of infosec professionals still report their organizations being victims of a phishing attack and 51 percent say the rate of attacks is increasing -- though both these figures represent decreases from 2015 to 2016, illustrating that while training and education is working, the threat of attacks continues to remain high.
End-users are more likely to fall for a simulated phishing email of a type they would expect to find in their work inbox rather than a consumer related item. One of the highest Wombat phishing template average failure rates is 34 percent from an email titled, 'Message from Administrator' that asks the user to click on a link if they feel they received the message in error or didn't sign up for a certain account.
"Staying vigilant and implementing a Continuous Training Methodology is key to securing organizations," says Joe Ferrara, president and CEO of Wombat. "We've seen an increase in organizations making an investment in an end user security training and awareness program with 66 percent of infosec professionals now measuring their organization's susceptibility to phishing and 92 percent training end users on how to identify and avoid phishing attacks."
Wombat's latest State of the Phish report can be found on the company’s website.