Thursday, 21st November 2019
Logo

Phishing identification and data protection are the top problems for end users

End users incorrectly answered one in four questions about phishing, underscoring the need for ongoing education to significantly reduce risk.

Proofpoint has released its fourth annual Beyond the Phish® report, which examines end user understanding of a broad range of cybersecurity topics and best practices. The report features analysis of data related to nearly 130 million cybersecurity questions and offers insights into employee knowledge levels across 14 categories, 16 industries, and more than 20 commonly used department classifications.

“Cybercriminals are experts at gathering personal information to launch highly targeted and convincing attacks against individuals,” said Amy Baker, vice president of Security Awareness Training Strategy and Development for Proofpoint. “Implementing ongoing and effective security awareness training is a necessary foundational pillar when building a strong culture of security. Educating employees about cybersecurity best practices is the best way to empower users to understand how to protect theirs and their employer’s data, making end users a strong last line of defense against cyber attackers.”

Phishing remains a leading concern for organizations worldwide. Overall, one in every four questions in the “Identifying Phishing Threats” and “Protecting Data Throughout Its Lifecycle” categories were answered incorrectly. The 2019 Beyond the Phish reportsignifies that while employees have become more familiar with the hallmarks of phishing attacks and the need to protect data, knowledge gaps remain that cybercriminals can exploit. As part of its 2019 State of the Phish report, Proofpoint found that 83 percent of global organizations experienced phishing attacks in 2018, underscoring the urgent need to educate end users.

Additional 2019 Beyond the Phish key findings include:

·Communications was the best performing department, with end users correctly answering 84 percent of questions.

·Finance was the best performing industry, with end users answering 80 percent of all questions correctly.

·End users in the Insurance industry delivered the best performance in three of the 14 categories analyzed, specifically excelling in the “Avoiding Ransomware Attacks” category.

·Customer Service, Facilities, and Security were among the worst performing departments, incorrectly answering an average of 25 percent of cybersecurity questions asked. As these are respondent-defined department designations, the Security department could include both physical security and cybersecurity.

·End users in the Education and Transportation industries struggled the most, on average, answering 24 percent of questions incorrectly across all categories.

·Hospitality employees scored the lowest in three categories, including “Physical Security Risks,” in which 22 percent of questions were answered incorrectly.

“Organizations need to be persistent and thorough in their security awareness training programs considering the end user behaviors that influence and impact overall security postures. This annual report reiterates the need to go beyond the use of phishing tests to evaluate end user susceptibility and cyber threat knowledge,” continued Baker. “It’s important to remember that not all security incidents stem from an attack; many issues result from limited awareness and poor security practices. Our research has shown a significant increase in safe behaviors when organizations take a well-managed, continuous approach to training across all cyber topics.”

Two thirds (67%) of businesses say that driving collaboration between security and IT ops teams is a...
Upated report on unsecured PACS servers shows problem has escalated in the last 60 days.
Leading industry association project 3.7% industry growth in 2020; identifies 10 trends to watch in...
Neustar research on cyber threats and trends reveals continued increase in small-scale DDoS attacks,...
For modern organisations, digital transformation is increasingly the only game in town. CIOs are tur...
Datrium has released findings from its industry report on the State of Enterprise Data Resiliency an...
CybSafe invites cyber security professionals to contribute to new academic research into the impact...
FireMon has released its 2019 State of the Firewall report, the annual benchmark of current issues i...