Security report reveals 155% increase in simulated phishing emails

A recent Wombat security report revealed that there was a staggering 155% increase in the number of simulated phishing emails sent compared to the previous year’s report. The report obtained more than 2,000 answers from end users in both the UK and US about their knowledge of phishing.

Key findings:

  • 10% fewer information security professionals reported that their organisation had fallen victim to a phishing attack.
  • Of that same group, 51% of information security professionals felt that phishing attacks were increasing overall.
  • 61% of those surveyed reported experiencing spear phishing attacks, a decrease of almost 10% on the previous year.
  • 31% of UK respondents admitted checking their personal emails on a work computer and 29% admitted checking their work emails on their personal phone.

Positive trends:

  • A 64% increase in organisations measuring the risk that end users pose.
  • Security awareness and training is leading the way in how organisations measure that risk.
  • Administrators who use measurements to assist their programme are seeing better results overall.
  • 72% of UK respondents answered the question ‘What is phishing?’ correctly.

Ransomware:

  • Only 38% of UK respondents answered the question ‘What is ransomware?’ correctly; a shocking 41% admitted to not knowing what it was.
  • 34% stated that they had experienced a ransomware attack in 2016, and 2% of those organisations targeted admitted to paying the ransom.

The results of this report demonstrate that awareness is growing, but improvements still need to be made as a number of those surveyed struggled to even identify what ransomware was. Also, there appears to be some “risky behaviour” that could pose a potential risk because “a filter on a work email does nothing when an employee clicks on a malicious link in their personal email on a work computer, or loses their personal phone with work email and information on it”.

Protect your company and educate your staff

Kick-start your staff awareness programme with our e-learning courses and reduce the risk of staff-related incidents. These hassle-free, cost-effective e-learning courses continually reinforce the importance of compliance and security, and develop good habits. Topics include Phishing and Ransomware, Phishing and Information Security.

Teach your staff how to stay safe by rolling out a staff awareness programme.