End users show good understanding of how to avoid ransomware attacks but lack understanding of data protection techniques, including those mandated by the GDPR.
PITTSBURGH, April 24, 2018 – Wombat Security (Wombat), a division of Proofpoint and the leading provider of cyber security awareness training, today announces the release of its 2018 Beyond the Phish® Report, which provides analysis of nearly 85 million questions and answers posed to its customers’ end users — a significant increase from 70 million in the 2017 report — across 12 categories and 16 industries. The report identifies strengths and weaknesses related to phishing as well as a range of cybersecurity threats beyond the phish.
“As we come off a successful week at RSA Conference, the 2018 Beyond the Phish® Report again illustrates the importance of combining the use of assessments and training across many cybersecurity topic areas, including phishing prevention,” said Joe Ferrara, Wombat General Manager. “Our hope is that by sharing this data, infosec professionals will think more about the ways they are evaluating vulnerabilities within their organizations and recognize the opportunity they have to better equip employees to apply cybersecurity best practices and, as a result, better manage end-user risk.”
The 2018 Beyond the Phish® Report also validates the need for organizations to use a combination of simulated attacks and question-based knowledge assessments to evaluate their end users’ susceptibility to phishing. For example, though Wombat’s 2018 State of the Phish™ Report revealed a 9% average click rate on phishing tests across all industries, the Beyond the Phish® Report shows that end users incorrectly answered 24% of questions related to the identification and avoidance of phishing attacks. This indicates that organizations that are relying on simulated phishing tools alone are not getting a complete picture of their end users’ understanding of — and susceptibility to — the many different tactics cybercriminals employ when crafting email-based social engineering attacks.
Key areas from the report analysis that reveal room for improvement include the following:
While there is always room for improvement with regard to end-user risk management, the 2018 Beyond the Phish® Report also highlights categories and industries in which employees are improving year-over-year and have answered the highest percentage of questions correctly:
About the Beyond the Phish® Report
The 2018 Beyond the Phish® Report compiles data from nearly 85 million questions answered by the end users of Wombat Security customers in 12 categories across 16 industries. Results are based on CyberStrength® Knowledge Assessments and training challenges completed by end users via Wombat’s Security Education Platform, a cloud-based learning management system, from January 1, 2017, through December 31, 2017. You can view the full report results here.
About Wombat Security
Wombat Security, a division of Proofpoint, is the leading provider of information security awareness and training software to help organizations teach their employees secure behavior for enterprises. Their SaaS-based cybersecurity education solutions include an integrated platform of knowledge assessments, simulated attacks, and brief interactive training modules. Wombat's solutions help organizations reduce successful phishing attacks and malware infections up to 90%. The company has been recognized by Gartner as a Leader in the Magic Quadrant for Security Awareness Computer-Based Training Vendors for four years in a row. Founded in 2008, Wombat is helping mid-market, Fortune 1000, and Global 2000 customers to strengthen their cybersecurity defenses.
Wombat Security Contact
412-621-1484 x 136