A leading cyber security company has released a comprehensive industry report this week, which reveals the alarming extent to which phishing attacks are impacting global organisations.
Proofpoint’s fourth annual Beyond the Phish report analyses data related to nearly 130 million cybersecurity questions and provides insights into employee understanding across 14 categories and 16 different industries.
One of the most worrying statistics revealed in the report is that 83% of global organisations experienced phishing attacks in 2018, underscoring the urgent need to educate end users.
“Cybercriminals are experts at gathering personal information to launch highly targeted and convincing attacks against individuals,” said Amy Baker, vice president of security awareness training strategy and development at Proofpoint.
“Implementing ongoing and effective security awareness training is a necessary foundational pillar when building a strong culture of security,” she continued.
“Educating employees about cybersecurity best practices is the best way to empower users to understand how to protect their own and their employer’s data, making end users a strong last line of defence against cyberattackers.”
According to the Beyond the Phish report, while employees have become more familiar with the hallmarks of phishing attacks and the need to protect data, significant knowledge gaps remain.
These knowledge gaps were more pronounced in some areas than in others, with customer service, facilities, and security among the worst-performing departments, incorrectly answering an average of 25% of the cybersecurity questions asked.
Hospitality employees scored the lowest in three categories, including physical security risks, in which 22% of questions were answered incorrectly.
End users in the education and transportation industries also struggled, answering an average of 24% of questions incorrectly across all categories.
At the other end of the spectrum, finance was the best-performing industry, with end users answering 80% of all questions correctly, and communications was the best-performing department, with end users answering 84% of questions correctly.
“Organisations need to be persistent and thorough in their security awareness training programs considering the end-user behaviours that influence and impact overall security postures,” said Baker.
“This annual report reiterates the need to go beyond the use of phishing tests to evaluate end-user susceptibility and cyber threat knowledge.”