Phishing attacks have escalated sharply in recent years. What was once a nuisance has become a mainstream—and increasingly dangerous—problem. In addition to an increase in the frequency of attacks, phishing methods have become far more sophisticated. From staff members to executives in the C-Suite, employees have been duped into providing log-in data and other credentials that put an organization at risk. Wombat Security's second annual "Beyond the Phish" report, offers some perspective on this issue. "Spear-phishing, business email compromise (BEC), and email-based ransomware are keeping response and remediation teams on their toes," the report notes. "But these are far from the only ways attackers can gain a foothold within an organization or compromise sensitive data and systems." The key to thwarting attacks and minimizing risk? Employee education and training. Wombat examined 70 million responses to its CyberStrength Knowledge Assessments from June 2016 to May 2017. Here are some of the key findings from the research, as well as the firm's 2017 "User Risk Report."