Pittsburgh-based cybersecurity firm Wombat Security Technologies’ Beyond the Phish Report, analyzed nearly 20 million questions and answers from their survey for this report. The report delved into how well end users are able to identify and manage security threats within an enterprise.
News and headlines, as well as numerous studies, have proven that phishing attacks are on the rise, and Wombat said its survey of security professionals showed the same. The threat of phishing attacks is real. In the last year, the list of organizational phishing victims increased by 13% to 85%, and 60% of enterprises said the phishing attack rate increased overall.
“Clearly, phishing is a focus area across the industry, but the efforts can’t stop there,” Joe Ferrara, president and CEO of Wombat said. “To reduce cyberrisk in organizations, security education programs must teach and assess end users across many topic areas, like oversharing on social media and proper data handling. Many of these risky behaviors exacerbate the phishing problem.”
Social Media plays a big part in our lives but end users struggled here the most, missing 31% of the questions we asked them around what they should and should not do to keep themselves and their organizations safe.
“What’s more, in our survey of security professionals, we found that only about half are assessing users around this topic. Most companies allow social media access on work devices while admitting they are not very confident that their employees know what to do to keep their organization safe,” the report revealed.
The report also disclosed that not only is there room for improvement in protecting organizations against phishing attacks but in simply recognizing the existing dangers. Other key findings include:
Wombat suggested with the rise in the remote workforce and end users who value the ability to work outside of the office, organizations need to educate their employees on how to stay safe while they are outside the office. Improper use of free Wi-Fi, inattention to physical security, lax data protections, and the lack of security guidelines during travel led to 26% of questions missed by end users on this important topic.