More than three-quarters of organizations experienced phishing attacks in 2017, but end-user security awareness is slow to improve globally
Pittsburgh, PA – January 17, 2018 – Wombat Security Technologies (Wombat), the leading provider of cyber security awareness and training, today announces the release of its annual State of the Phish™ research report. The report findings demonstrate that the war against phishing is still on, with 76% of organizations experiencing phishing attacks in 2017 and nearly half of information security (infosec) professionals saying that the rate of attacks increased from 2016. The impacts of phishing were also more broadly felt than in 2016, with an 80+% increase in reports of malware infections, account compromise, and data loss related to phishing attacks.
Even so, Wombat customers show positive trends and progress within their programs, with declining click rates and increases in the number of suspicious emails identified and reported by end users. Unfortunately, awareness of phishing and ransomware has not trickled down to the average technology user, as revealed by the international third-party survey that was conducted as part of the State of the Phish research.
The fourth annual State of the Phish Report assembles data from three main sources:
The 2018 report is structured differently than in prior years, with data presented via four overarching themes:
Also new this year is a more in-depth look at regional differences between US and UK approaches to cyber security education. Wombat found that UK organizations are less likely to assess end users’ susceptibility to phishing attacks; more frequently use passive security awareness and training tools (like videos, posters, and newsletters); and are much more likely to rely on yearly cybersecurity training. The report also reveals that US organizations — which favor interactive training methods delivered on a monthly or quarterly basis — are more than twice as likely to realize quantifiable results from their efforts.
“The State of the Phish Report shows that simulated phishing attacks are certainly valuable tools in the battle against social engineering attacks, but it also reinforces the need for CSOs, CISOs and their teams to take a broader view of cybersecurity education,” said Joe Ferrara, President and CEO of Wombat Security. “A cyclical approach to security awareness and training is the most effective. Organizations should employ a methodology that both raises awareness of cybersecurity best practices and teaches users how to employ these practices when they inevitably face a security threat.”
Other key findings:
“This report is filled with new information and analysis that we hope will empower infosec professionals to more effectively develop their own security awareness and training programs and, in turn, better manage end-user risk,” said Amy Baker, VP of Marketing at Wombat Security. “As organizations continue to see the detriment phishing and ransomware can have on the health and longevity of a business, we want to equip them with the data they need to protect their customers’ and their own valuable information.”
About the State of the Phish™ Report
The fourth annual State of the Phish™ Report evaluated data from tens of millions of simulated phishing emails sent over a 12-month period from October 1, 2016 to September 30, 2017. Additionally, survey data from both infosec professionals and end users was incorporated to provide a better understanding of what the impact and knowledge of phishing was in 2017. While not a scientific study, the report offers insight into what proactive organizations are doing better to train their end users to identify and avoid phishing messages. You can download the full report here.
About Wombat Security Technologies
Wombat Security Technologies is the leading provider of information security awareness and training software to help organizations teach their employees secure behavior for enterprises. Their SaaS-based cybersecurity education solutions include an integrated platform of knowledge assessments, simulated attacks, and brief interactive training modules. Wombat's solutions help organizations reduce successful phishing attacks and malware infections up to 90%. The company has been recognized by Gartner as a Leader in the Magic Quadrant for Security Awareness Computer-Based Training Vendors for four years in a row. Founded in 2008, Wombat is helping mid-market, Fortune 1000, and Global 2000 customers in industry segments such as finance and banking, energy, technology, higher education, retail, and consumer packaged goods to strengthen their cybersecurity defenses.
Wombat Security Contact:
412-621-1484 x 136