TMCnet News
Annual State of Phish Report from Wombat Security Shows Simulated Phishing and Training Programs Driving Safer End-User BehaviorPITTSBURGH, Jan. 19, 2017 /PRNewswire/ -- Wombat Security Technologies (Wombat), the leading provider of cyber security awareness and training, today announces the release of its annual research report, The State of the Phish. The report reveals some positive trends, including a 64% increase in organizations measuring end user risk from 2015 to 2016. However, 76% of infosec professionals still report their organizations being victims of a phishing attack and 51% said the rate of attacks is increasing – both data points are decreases from 2015 to 2016, illustrating that while training and education is working, the threat of attacks continues to remain high. The third annual State of the Phish report analyzed data from tens of millions of simulated phishing emails over 12 months – a 155% increase in the number of emails looked at in the previous report – as well as more than 500 survey responses from infosec professionals and more than 2,000 answers from employed computer users in the U.S. and the U.K. on their phishing knowledge and behavior. Thirty-eight percent of infosec professionals who reported a phishing attack cited a disruption of employee activity as the largest impact on their organization compared to data loss or compromised accounts. According to the 2015 Ponemon Institute paper, The Cost of Phishing and the Value of Employee Training, lost employee productivity is the largest cost associate with phishing at roughly $1.8 million for a 10,000-person company. Consumers were surveyed to test knowledge awareness not only on phishing, but also ransomware. When asked, "What is phishing?", 65% of those surveyed in the U.S. answered correctly. However, 52% were not even able to make a guess on "what is ransomware?". End users who don't recognize or understand the risks of ransomware are also unlikely to practice safe behaviors such as properly backing up files which can reduce the effectiveness of a ransomware attack. "Social attacks take advantage of employees trying to be helpful so it stands to reason that social awareness of attack methods plays a critical role in protecting against phishin," said Eric Ogren senior security analyst at 451 Research. "Enterprises with corporate phishing education programs empower employees to help protect themselves and the business." Despite an increase on the general awareness of the concept of phishing, end users continue to make their organization vulnerable through other risky behaviors such as checking personal email on work devices and keeping work data on their personal devices. The consumer survey showed a key cultural difference between U.S. and U.K. employees in how much they blur the lines between work and home. In the U.S., 49% of those surveyed reported checking their work email on their personal phone compared to 29% in the U.K.; and 50% of the respondents in the U.S. admitted to checking personal email on their work computers compared to 31% in the U.K. "Staying vigilant and implementing a Continuous Training Methodology is key to securing organizations," said Joe Ferrara, President and CEO of Wombat. "We've seen an increase in organizations making an investment in an end user security training and awareness program with 66% of infosec professionals now measuring their organization's susceptibility to phishing and 92% training end users on how to identify and avoid phishing attacks." Other key findings:
About the State of the Phish About Wombat Security Technologies To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/annual-state-of-phish-report-from-wombat-security-shows-simulated-phishing-and-training-programs-driving-safer-end-user-behavior-300393294.html SOURCE Wombat Security Technologies |