Industries across the board have seen an improvement in 2017 in terms of identifying phishing attacks: On average, only about 24% of respondents in an analysis on average weren’t able to identify them in 2017, compared to 28% on average in 2016.
That’s according to Wombat Security’s 2017 Beyond the Phish Report, which analyzed more than 70 million questions and answers—a significant increase from 20 million in 2016—across 10 categories. It found that the number one problem area for end users, with 26% of questions missed, is protecting confidential payment card and healthcare information. Users struggled the most with questions around the use of shared login credentials.
Also, across categories, gains and losses in various categories offset each other. For instance, protecting mobile devices and information saw the most significant downgrade in performance year-over-year, with users struggling to understand the implications and ramifications of unsafe mobile applications and invasive permissions.
End-users across all industries answered a quarter of questions incorrectly around the protection and disposal of personally identifiable information.
As to industry demographics, employees in healthcare, transportation and retail performed the lowest on average across all categories. Also, all but one industry performed worse in questions around using the internet safely after positive numbers in 2016, showing that organizations cannot make assumptions about levels of risk from one year to the next.
“We continue to see in our year-over-year results that reinforcement and practice are critical to learning retention. As with any learned skill, organizations need to work on cybersecurity awareness and knowledge to see continual improvements,” said Joe Ferrara, president and CEO of Wombat. “Organizations that focus on building a culture of security and empowering their employees to be a part of the solution develop the most sustainable and successful security awareness training programs. By sharing our data in the Beyond the Phish Report, we hope to be a part of building those cultures and helping organizations successfully change behavior in previously undiscovered areas of vulnerability.”
On the positive side, social media use saw the largest year-over-year improvement, a positive trend as the use of social media platforms continues to rise globally. Also, working safely outside the office showed a significant improvement year-over-year, which continues to be important to organizations as 43% of employees work remotely at least part of the time according to Gallup.
On average, end-users performed well on the new category around protecting oneself against scams, which focuses on the recognition of different types of social engineering techniques.
As in 2016, the best understood category for end-users focused on password safety, where only 12% of answers were incorrect in 2017.