Recent Study on Phishing Shows Even IT Experts Can Be Susceptible
The largest source of cybersecurity breaches remains human error, and phishing scams are a major part of this problem. A recent study found reasons why phishing schemes continue to permeate organizations’ cybersecurity perimeters.
F-Secure conducted a study in which 82,402 individuals from four organizations each received one of four phishing emails. The company recorded who proved susceptible by clicking the links in those emails, then asked those who clicked some questions and interpreted the results.
The mock internal HR email threatening annual leave was the most effective. That’s not surprising considering emotional ploys work best in phishing scams. However, it turned out that departments described as IT and DevOps – those focused on computer technology – were just as susceptible to these emails as the rest of the departments at one business. At the second organization studied, these departments were far more likely to click through phishing links.
Two conclusions can be drawn from the study’s results. First, because technical staff hold additional access, their consistent susceptibility and lack of enhanced reporting represent a heightened risk. Second, heightened general IT literacy, and likely phishing awareness, does not reduce susceptibility to email phishing.
Another important finding from the study is that the rate at which people report suspicious email as phishing is directly related to the reporting process itself.
These findings reinforce the need for extensive training so that employees can recognize a suspicious email and know how to deal with it. Organizations need to have a method for identifying malicious emails that have bypassed technical protective measures.
Also, speed is of the utmost importance when it comes to mitigating phishing attacks. The study found that in the first five minutes after an email is delivered, more than three times as many people fall victim to it as report it as suspicious. After five minutes, the numbers begin to even out, and after 30 minutes you should expect more reports than clicks.
Your employees are the first line of defense for your organization against cyberattacks. Make sure they have the knowledge required to maintain that perimeter by providing them with the proper training. Partner with 2W Tech for help and we’ll set up comprehensive phishing training for your organization with BullPhish ID. Contact us today to learn more.