As seen on IT Security Guru...
Wombat Security Technologies (Wombat), the leading provider of cyber security awareness and training, today announces the release of its annual State of the Phish™ research report. The report findings demonstrate that the war against phishing is still on, with 76% of organizations experiencing phishing attacks in 2017 and nearly half of information security (infosec) professionals saying that the rate of attacks increased from 2016. The impacts of phishing were also more broadly felt than in 2016, with an 80+% increase in reports of malware infections, account compromise, and data loss related to phishing attacks.
Even so, Wombat customers show positive trends and progress within their programs, with declining click rates and increases in the number of suspicious emails identified and reported by end users. Unfortunately, awareness of phishing and ransomware has not trickled down to the average technology user, as revealed by the international third-party survey that was conducted as part of the State of the Phish research.
The fourth annual State of the Phish Report assembles data from three main sources:
The 2018 report is structured differently than in prior years, with data presented via four overarching themes:
Also new this year is a more in-depth look at regional differences between US and UK approaches to cyber security education. Wombat found that UK organizations are less likely to assess end users’ susceptibility to phishing attacks; more frequently use passive security awareness and training tools (like videos, posters, and newsletters); and are much more likely to rely on yearly cybersecurity training. The report also reveals that US organizations — which favor interactive training methods delivered on a monthly or quarterly basis — are more than twice as likely to realize quantifiable results from their efforts.
“The State of the Phish Report shows that simulated phishing attacks are certainly valuable tools in the battle against social engineering attacks, but it also reinforces the need for CSOs, CISOs and their teams to take a broader view of cybersecurity education,” said Joe Ferrara, President and CEO of Wombat Security. “A cyclical approach to security awareness and training is the most effective. Organizations should employ a methodology that both raises awareness of cybersecurity best practices and teaches users how to employ these practices when they inevitably face a security threat.”
Other key findings:
“This report is filled with new information and analysis that we hope will empower infosec professionals to more effectively develop their own security awareness and training programs and, in turn, better manage end-user risk,” said Amy Baker, VP of Marketing at Wombat Security. “As organizations continue to see the detriment phishing and ransomware can have on the health and longevity of a business, we want to equip them with the data they need to protect their customers’ and their own valuable information.”
Read article on IT Security Guru