Commentary

See No Evil: Employees Click Through Phishing Emails Despite Training

Two grim reports have been released about cyber fraud that should worry any CEO.  

The first, from Ironscales, found that workers keep clicking through phishing emails despite awareness training. And that’s only one sign of their vulnerability.

Ironscales, a Tel Aviv-based security firm, interviewed 300 security professionals at the recent Infosecurity London conference.

The results show that 54% of their firms are plagued by phishing emails on a regular basis. And 85% say their employees need better inbox tools to avoid opening malicious messages. 

For instance, 35% lack an email address or "report button" for sharing suspicious messages with security staff. And while 76% train their employees to spot phishing emails, less than 50% say that click rates had dropped as a result. And 25% say they just don’t know if clicks have fallen.

Asked to rate themselves on a scale of one to 10, 60% gave their firms a seven or less.

The greatest challenges? For 55%, it’s the time it takes to detect phishing emails. Another 24% say it's performing email forensics on messages, and 18% cite removing malicious messages from mailboxes.

So what are companies doing about these issues?

Some 38% are looking to combine automated email forensics, mitigation and remediation. That would create in-mail banner alerts that warn users an incoming message is fraudulent.

Overall, 94% agree that automation of manual processes would reduce the amount of damage. And 95% say that humans and technology should work side by side.  

For our part, we hope employees are not mistaking marketing emails for phishing messages.

Ironscales CEO Eyal Benishti concludes that “while phishing is high on everyone’s radar, organizations continue to struggle to expeditiously deflect the threats posed by email borne attacks.”

A second study, from KnowBe4 and Cybersecurity Ventures, predicts that $8 billion will be lost due to ransomware this year. It estimates businesses will be attacked every 14 seconds by the end of 2019.

That is an even worse problem than phishing — it can put lives at risk by disrupting medical and emergency services, KnowBe4 says.   

“Ransomware is the new normal; it’s here to stay and is growing in sophistication and frequency,” states KnowBe4 CEO, Stu Sjouwerman. 
