Lack of awareness training raises phishing risk
We know that phishing attacks are gaining in sophistication and are one of the most popular ways of hackers and cybercriminals gaining access to an organization's systems.
But this type of attack is notoriously difficult to guard against using technology and employee awareness is a big part of any business' defense strategy. This is underlined by a new report from awareness training company KnowBe4 which looks at the level of risk and finds that 29.6 percent of organizations are 'phish-prone'.
The construction industry is particularly at risk, with 38 percent of small companies and 37 percent of smaller companies being phish-prone. For larger organizations with 1,000+ employees construction on 37 percent is beaten into second place by hospitality at 48 percent.
Training though does make a big difference. After 90 days of computer-based training and simulated phishing testing, the average phish-prone percentage is cut in half, dropping from 30 percent to 15 percent. And after one year of testing and simulated phishing, it drops down to just two percent. Across all industries, there's a 92 percent improvement rate from baseline testing to 12 months of training and testing.
"Often times, organizations overlook security awareness training and simulated social engineering testing because they're focused on implementing security technology instead of building up their human layer of defense," says Stu Sjouwerman, CEO of KnowBe4. "This report shows that employees are not getting the right amount of cybersecurity training to help properly protect their organizations, and we need to change that."
If you want to find out more the full report is available from the knowBe4 site.