Skip to main content

Too many workers are still falling victim to phishing attacks

phishing
(Image credit: Image Credit: wk1003mike / Shutterstock)

Organizations that don’t educate their employees on the dangers of phishing are putting themselves at risk, a report from security training platform KnowBe4 claims.

The company recently tested employees to see how likely they were to fall for a phishing scam and found that that almost a third (31.4 percent) failed to identify such an attack. 

Phishing is a type of cyberattack that sees a malicious actor deliver an email to the victim containing either a dangerous attachment or web link. In case of the latter, the link usually leads to a spoofed website where the victim is asked to provide sensitive data, such as credentials and payment data.

KnowBe4 argues that the best way to prevent phishing is to educate the employees on the dangers of clicking on links and downloading attachments from unverified sources.

Following a three-month training period, the company's tests showed a 50 percent decline in the number of potential phishing victims, while a year of regular training can bring the number down to 4.8 percent.

“In critical industries like Energy & Utilities and Healthcare & Pharmaceuticals where lives can be severely impacted, we found particularly high levels of cybersecurity risk as a result of simulated phishing test failures,” said Stu Sjouwerman, CEO at KnowBe4. 

“This is deeply concerning. Organizations should monitor their risks due to the majority of data breaches originating from social engineering. This data shows us that implementing security awareness training with simulated phishing testing will help to better protect organizations against cyber attacks.”

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.