The latest data from Verizon’s 2020 Mobile Security Index report shows that both consumer and business users make it all too easy for cyberattackers to fool them into becoming a victim.
Think about the layered security you have in place today – each solution (whether hardware or software) uses protocol, process, rules, and workflow to ensure a consistent level of security. While not perfect, it still props up a dependable defense. With phishing attacks, this usually includes mail scanners, DNS scanning, antivirus, endpoint protection, and more – all in the name of spotting a malicious email.
Now think about your users; when a phishing attack finds a way to get around that layered security, your last line of defense is your user. Just like you do naturally when suspicious emails arrive in your inbox, the hope is the user will easily see through the scam and will report and/or delete the email.
But, according to Verizon’s newest data, users simply aren’t helping.
- Every day, 2% of all users will click on a phishing link.
- Of those falling for phishing scams, over half (53%) of users fell for two or more phishing attacks, clicking on links each time.
- Just over one-third (34%) of users fell for three or more attacks.
With 32% of confirmed data breaches involving phishing, the data above should have organizations worried. Phishing remains one of the top attack vectors and, from the looks of it, users aren’t helping stop these attacks.
So, there’s one layer to add to your security strategy – Security Awareness Training. Educating users on the need to be security-minded when interacting with email and the web helps reduce the threat surface. KnowBe4 has found that industry-wide 37.9% of untrained users will fail a phishing test. Only 14.1% of those same users will fail within 90 days of completing their first KnowBe4 training. After at least a year on the KnowBe4 platform, only 4.7% of those users will fail a phishing test.
From 37.9% of users to just 4.7% – that’s an 87.5% reduction in the phishing threat surface!
From what we’re seeing year after year, users are still one of the weakest links in an organization’s security chain. It’s time to take advantage of their ability to participate in the security of the organization through Security Awareness Training.
This blog originally appeared on KnowBe4.