A new study by cybersecurity training and phishing simulation firm KnowBe4 has found that one in three untrained users were likely to fall victim to phishing or social engineering scams.
The report analyzed companies across a variety of industries to determine what KnowBe4 calls an organization’s “phish-prone percentage (PPP),” a number that represents how many employees are vulnerable to attacks.
The average baseline, 31.4%, varied widely by company size and industry, with half of the employees in more than 1,000 large energy and utility companies likely to fall for phishing or social engineering attacks.
The data from KnowBe4 suggests that training is the key to bringing these dangerously high percentages down.
Within 90 days of the training, KnowBe4 conducted another phishing and social engineering test on the 23,400 organizations included in the report and found that the average PPP value dropped significantly to 16.4%.
After one year of further training, this figure drops to only 4.8%, representing an average improvement of 84%.
KnowBe4 shares a number of recommendations to combat phishing and social engineering.
Executives must be active participants in all aspects of promoting security awareness in their companies, including completing the same security awareness training that is required of other employees.
For those planning an anti-phishing strategy, working with the right people is also crucial.
The organization also recommends that businesses involve people who focus on improving cybersecurity, such as marketers, and give cybersecurity priority in the office, in emails, and in non-security training.
Constantly reminding employees of the importance of security makes it part of the job.
It is also very important to define targets, collect meaningful data and turn it into useful metrics, simulate phishing attacks, and increase the frequency of training and internal tests so that the effect of the training does not fade over time.
For more information, read the original story on TechRepublic.