Phishing used to be an exotic threat to a business but, now, it's one of the most common and successful cyber threats around. Here's how your business can increase employee awareness.
Phishing used to be an exotic threat to a business -- now it's one of the most common and successful cyber threats around. A shocking 76.7% of businesses have experienced a phishing attack in the last year, and this number is only set to increase further.
Here, we look at the current state of phishing awareness and how your business can get started on educating your employees on how to avoid these damaging attacks.
The lack of phishing awareness
When it comes to phishing, there are two kinds of employee awareness; Firstly, there’s knowing that phishing is a nasty type of email scam that doesn't involve throwing a rod into a pond. Secondly, there’s knowing what types of phishing scams there are, how to spot the more sophisticated kinds, and what the hell you should do when you feel as though you may have been targeted.
Unfortunately, many employees still fall into the most basic type of phishing awareness - if that.
In fact, it’s believed that up to 88% of employees lack the basic security awareness needed to prevent a successful cyber attack -- with phishing attacks being high up on the list of most effective techniques.
The gate is wide open for cyber criminals
Cyber criminals have now increased the efficiency of their attacks and taken a more sophisticated approach with what’s known as “spear phishing”. This type of phishing scam is proven to be much more effective than its old spray-and-pray counterpart.
In one of our recent spear phishing tests on behalf of a client, our spear phishing ‘attack’ led to a 25% compromise rate, compared to a 1% compromise rate for that of a templated email.
Of course, there are many factors that come into play when trying to understand why both templated and targeted attacks are so successful -- but perhaps the biggest all stems down to the poor state of security awareness training.
How to increase awareness around phishing (and make it stick)
When drawing up an idea of how to increase phishing awareness among your workforce, they’ll probably be a point where you want to slump down in your chair and release a huge sigh of frustration. After all, having employees engage, retain information and, most importantly, use that training to help prevent phishing attacks is no easy feat. So what can you do?
The first thing we suggest is -- don’t try this at home.
Raising phishing awareness is a skill of knowing how to educate and train individuals, while also knowing that what your baffling on about is both cyber relevant and jargon-free. This is a perfect example of where security awareness training gets lost between HR and IT.
We suggest outsourcing your training to a provider that specialises in both areas of employee education AND security awareness (...a security awareness training vendor suggesting that? Shocking!). This may sound biased, but our platform is designed to resolve all of these obstacles, so why not shout about it?
Get started with your training solution
If you’re looking to implement phishing awareness, then give our security awareness platform a try for free. Our cloud-based uLearn platform contains short and easy-to-retain information that covers many of the cyber threats your end-users face (including a range of phishing techniques).
Once deployed, you’ll be able to test the effectiveness of your programme with the uPhish simulation tool, with in-depth reports covering details of which employees were compromised.
If you've got any questions about increasing phishing awareness with the use of our service, please reach out to firstname.lastname@example.org