Verizon: More Than Half of Users Click on Multiple Phishing Links; Social Engineering, Innovation are Responsible

The latest data from Verizon’s 2020 Mobile Security Index report shows that both consumer and business users make it all too easy for cyberattackers to fool them into becoming victims.

Think about the layered security you have in place today – each solution (whether hardware or software) uses protocol, process, rules, and workflow to ensure a consistent level of security. While not perfect, it still props up a dependable defense. With phishing attacks, this usually includes mail scanners, DNS scanning, antivirus, endpoint protection, and more – all in the name of spotting a malicious email.

Now think about your users: when a phishing attack finds a way to get around that layered security, your last line of defense is your user. The hope is that, just as you naturally do when a suspicious email arrives in your inbox, the user will easily see through the scam and will report and/or delete the email.

But, according to Verizon’s newest data, users simply aren’t helping.

  • Every day, 2% of all users will click on a phishing link.
  • Of those falling for phishing scams, over half (53%) of users fell for two or more phishing attacks, clicking on links each time.
  • Just over one-third (34%) of users fell for three or more attacks.

With 32% of confirmed data breaches involving phishing, the data above should have organizations worried. Phishing remains one of the top attack vectors and, from the looks of it, users aren’t helping stop these attacks.

So, there’s one layer to add to your security strategy – Security Awareness Training. Educating users on the need to be security-minded when interacting with email and the web helps reduce the threat surface. KnowBe4 has found that industry-wide 37.9% of untrained users will fail a phishing test. Only 14.1% of those same users will fail within 90 days of completing their first KnowBe4 training. After at least a year on the KnowBe4 platform, only 4.7% of those users will fail a phishing test.

From 37.9% of users to just 4.7% – that’s an 87.5% reduction in the phishing threat surface!

From what we’re seeing year after year, users are still one of the weakest links in an organization’s security chain. It’s time to take advantage of their ability to participate in the security of the organization through Security Awareness Training.

This blog originally appeared on KnowBe4.

Stu Sjouwerman
About the Author
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4 Inc, a provider of the most popular Security Awareness Training and Simulated Phishing platform. A serial entrepreneur and data security expert with more than 30 years in the IT industry, Sjouwerman is the author of four books, with his latest being “Cyberheist: The Biggest Financial Threat Facing American Businesses.” Along with his CEO duties, Stu is Editor-in-Chief of Cyberheist News, an e-zine tailored to deliver IT security news, technical updates, and social engineering alerts. Stu is a four-time Inc 500 award winner and EY Entrepreneur of the Year finalist.