Social media and remote working topics least understood and healthcare, telecommunications, retail and transportation industries struggle the most.

PITTSBURGH, Sept. 13, 2016 - Wombat Security Technologies (Wombat), the leading provider of cyber security awareness and training, today announced the release of its Beyond the Phish™ Report, an analysis of nearly 20 million questions and answers indicating how well end users are able to identify and manage security threats within an enterprise. The report reveals the many cybersecurity threats that are prevalent today such as oversharing on social media, unsafe use of WiFi, and company confidential data exposure that are dangers in their own right, but could also be considered contributing factors to the ever growing problem of phishing. 

In the last year, the number of organizations that reported being a victim of phishing has increased 13%, and 60% of enterprises said the rate of phishing attacks has increased overall.[1] “Clearly, phishing is a focus area across the industry, but the efforts can’t stop there,” said Joe Ferrara, President and CEO of Wombat. “To reduce cyber risk in organizations, security education programs must teach and assess end users across many topic areas, like oversharing on social media and proper data handling. Many of these risky behaviors exacerbate the phishing problem.”

Key findings from the report that show room for improvement include:

  • The No. 1 problem area for end users, with 31% of questions missed, is safe social media use; yet only 55% of security professionals assess employee knowledge on this topic.
  • End users missed 30% of questions about protecting and disposing of data securely, second only to safe social media use.
  • Professional services and healthcare employees performed the lowest on the nearly 1 million questions asked about safe passwords.
  • While healthcare was the industry that had the highest assessment percentage on end users' ability to protect confidential information, 31% of questions on the topic were missed by those in the industry. 

Furthermore, with the rise in remote working and end users who value the ability to work outside of the office, organizations need to educate their employees on how to stay safe while they are outside the office. Improper use of free WiFi, inattention to physical security, lax data protections, and the lack of security guidelines during travel led to 26% of questions missed by end users on this important topic. 

Derek Brink, CISSP, Vice President and Research Fellow, Aberdeen Group comments, “We should all be thankful to Wombat Security for sharing empirical data from nearly 20 million actual end-user assessments! The findings here are clear – organizations that measure user knowledge on a variety of security topics are gaining valuable insights into the most important factors of security risk, which can focus their efforts to address it. Depth of data, combined with a continuous, metrics-based approach to end-user security education, results in a solid knowledge improvement program. In my own analysis, successfully changing user behaviors has helped Wombat customers reduce security-related risks by about 60%.”

While there is room for improvement in all risk areas, the report also highlights categories where employees have answered the highest percentage of questions correctly.

  • 90% of questions were answered correctly about building safe passwords.
  • 85% of questions were answered correctly on how to best protect against physical risks, such as ensuring no one follows you into a secure area or not leaving sensitive files on your desk.
  • 79% of organizations assess end users on internet safety, and 84% of the questions in this category were answered correctly. 

About the Beyond the Phish Report

The report evaluated nearly 20 million questions asked and answered in Wombat's Security Education Platform over the past two years, and highlights the areas end users struggle with the most and those with the most correct. Of the organizations that participated, 20% were in financial industries, 13% in technology, 11% in healthcare, and others in verticals including manufacturing, professional services, education, insurance, retail, energy, government, telecommunications, and consumer goods.  You can download the full report here.

About Wombat Security Technologies
Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS-based cyber security education solution includes a platform of integrated broad assessments, as well as a library of simulated attacks and brief interactive training modules. Wombat's solutions help organizations reduce successful phishing attacks and malware infections up to 90%. Wombat, recognized by Gartner as a leader in the Magic Quadrant for Security Awareness Computer-Based Training Vendors, is helping Fortune 1000 and Global 2000 customer in industry segments such as finance and banking, energy, technology, higher education, retail and consumer packaged goods to strengthen their cyber security defenses.


[1] 2016 State of the Phish Report, Wombat Security Technologies and ThreatSim, January 27, 2016.

 

Wombat Security Contact:
Julie Frey
wombat@shiftcomm.com
512-792-2550

Susan Mackowiak
press@wombatsecurity.com
412-621-1484 x 126