As seen on International Finance...
End users show good understanding of how to avoid ransomware attacks but lack understanding of data protection techniques, including those mandated by the GDPR
Wombat Security, a division of Proofpoint and the leading provider of cyber security awareness training announced the release of its 2018 Beyond the Phish Report, which provides analysis of nearly 85mn questions and answers posed to its customers’ end users—a significant increase from 70mn in the 2017 report—across 12 categories and 16 industries. The report identifies strengths and weaknesses related to phishing as well as a range of cybersecurity threats beyond the phish.
“The 2018 Beyond the Phish Report illustrates the importance of combining the use of assessments and training across many cybersecurity topic areas, including phishing prevention,” said Joe Ferrara, Wombat General Manager. “Our hope is that by sharing this data, infosec professionals will think more about the ways they are evaluating vulnerabilities within their organizations and recognize the opportunity they have to better equip employees to apply cybersecurity best practices and, as a result, better manage end-user risk.”
The 2018 Beyond the Phish Report also validates the need for organisations to use a combination of simulated attacks and question-based knowledge assessments to evaluate their end users’ susceptibility to phishing. For example, though Wombat’s 2018 State of the Phish Report revealed a nine percent average click rate on phishing tests across all industries, the Beyond the Phish Report shows that end users incorrectly answered 24% of questions related to the identification and avoidance of phishing attacks. This indicates that organisations relying on simulated phishing tools do not get a complete picture of their end users’ understanding and susceptibility to the many different tactics cybercriminals employ when crafting email-based social engineering attacks.
Key areas from the report analysis that reveal room for improvement include the following:
While there is always room for improvement with regard to end-user risk management, the 2018 Beyond the Phish Report also highlights categories and industries in which employees are improving year-over-year and have answered the highest percentage of questions correctly: