Nearly a quarter of employees are likely to fall for phishing attacks
Almost a quarter (22 percent) of employees globally are likely to expose their organization to the risk of cyber-attack via a successful phishing attempt according to a new study.
The study, from AI-driven cybersecurity training software company Phished, shows that of employees who open a phishing message 53 percent are likely to click a malicious link contained within it.
When asked to disclose data, for example on a spoofed login page, almost a quarter (23 percent) of recipients enter their details. If a message contains an attachment, seven percent of all recipients will download and open it.
"Although these figures already point to a systematic problem among the working population, perhaps most concerning is the fact that no less than seven percent of all employees open a suspicious email attachment. While phishing -- usually -- requires an extra step before the real damage is done, a malicious attachment can have serious consequences immediately," says Arnout Van de Meulebroucke, CEO of Phished.
Employees in the public sector are three percent more likely than those in private sector organizations to fall victim of a successful phishing attempt. UK public sector employees were slightly less susceptible (2.5 percent) to phishing attempts than the global three percent average.
Topics of the most successful phishing attacks in 2021 centered mainly around COVID-19. Messages surrounding coronavirus testing facilities and vaccinations top the charts, after this phishing messages about the technology and IT associated with home working were most successful in encouraging employees to click links and reveal data.
"The task for the coming year is clear: organizations must focus explicitly on awareness among their employees," adds Van de Meulebroucke. "In recent years, the volume of phishing attacks has increased exponentially and without a radical countermovement, these campaigns will continue to claim more victims, resulting in major losses for organizations. A one-off workshop does not help against phishing. People need thorough, repeated training to help them recognize increasingly sophisticated phishing messages."
The full report is available from the Phished site.