A recent poll by GetApp has revealed that almost half of respondents claimed a member of their organisation had clicked on a phishing link.
The business software comparison site often runs surveys and polls relating to cyber security. In October 2019, a GetApp survey revealed that fewer than half of the responding organisations offered regular Security Awareness Training.
Their latest poll shows significantly lower numbers.
Only 30% of organisations perform regular phishing tests, even though just under a quarter of organisations had already fallen victim to a successful phishing attack.
While Two-Factor Authentication (2FA) was used by almost two-thirds of respondents, the rest relied on basic security measures.
This lack of regular training is why the average baseline Click-Prone® % of a business (the percentage of users that fail a simulated phishing test) is still over 35% at the end of 2019.
With over a third of employees likely to fall for a phishing attempt, and 3.4 billion phishing emails sent around the world on a daily basis, it’s no wonder that data breaches and ransomware attacks continue to become more successful.
Our survey shows that a surprisingly large number of businesses have been fooled by phishing scams. With technology advancing and tactics evolving, the need to remain vigilant against cyberattacks is more important than ever.
The most worrying part of this is how many employees have clicked phishing emails compared to how few companies are actively working to train their employees to recognize them. Spear phishing is an effective and inconspicuous way of infiltrating a business. It’s vital that employees are taught to recognize it.
Zach Capers – Senior Content Analyst, GetApp
This news further cements the requirement for a culture shift towards regular Security Awareness Training for employees. The prevalence and success of spear phishing and other email-borne cyber attacks, combined with the lack of phishing awareness within organisations, creates an incredibly unstable foundation on which to build a cyber secure business.
As we approach the winter holidays, we also enter the most active period for cyber attacks. We no longer live in a time where one has to wonder if a phishing email will make it into a user’s inbox; it is simply a case of when.
At Phishing Tackle, we work diligently to provide the most up-to-date Security Awareness Training and simulated phishing to ensure that when your users receive a phishing email, it doesn’t cost them their career or jeopardise their organisation.
It’s time to educate, not procrastinate.