In surveys throughout 2019, phishing attacks routinely took the number one spot among the threats companies were most worried about.
One survey, which garnered responses from some 733 organisations of varying sizes (243 of them over 5,000 employees) who attended the RSA Conference 2019, asked several cyber security and business management related questions. Among them was the question: “What internal threats worry you the most?”
Some of the answers included “Cryptomining on your network”, “Social media threats” and “Ransomware”, but there was one very clear answer dominating the results: “Phishing”.
With well over a quarter of all participants (28.61%) citing phishing as their largest concern, the threat dwarfed its nearest challenger, Ransomware, by almost nine percentage points (8.81%).
The chart below shows the results of the question:
Image credit: AT&T Cybersecurity
Ransomware, which took second place at 19.80%, is often carried in email-borne phishing attacks, so the overall fear surrounding email security is enormous.
We’ve also studied reports showing as much as 75% of decision makers citing phishing as their greatest threat.
But despite the findings in these reports, there is still only a small percentage of organisations offering their users regular Security Awareness Training.
Couple this with findings that half of workers have already clicked phishing emails and that half of C-Suite executives don’t believe their users could even spot one, and you are left in somewhat of a contradictory state.
The dichotomy this presents is almost palpable but it clearly reveals one thing: a culture shift towards more user training is essential to bring confidence back into organisations.
Routine Security Awareness Training and simulated phishing are what organisations need to secure themselves against the ever-increasing threat from hackers and social engineers.
As we move into 2020, phishing attacks will continue to build in sophistication. Security technology is forever catching up with malicious actors but training users to become the defence to the attack, rather than the victim of the attack, could spell the difference between prosperity and disaster for your organisation.
Start the new year with education: learn how many of your users are likely to click a phishing email. Our Free Click-Prone® Test does exactly that for you.
Phishing attacks are here to stay, and there is neither need nor excuse to wait for one to irreversibly affect your business. Act now, educate your users and steer your organisation into the future with confidence.