Facts surrounding spear phishing all point to employees as the most cited culprits and security awareness training as the most effective remedy. Yet not all training programs are equal.
Recent research sponsored by KnowBe4 shows email spear phishing is now the number one source of data breaches, with human error at the bottom of it all. A new study from Osterman Research reports that 67% of respondents say malware has successfully penetrated their corporate networks through email, with web surfing a close second at 63%. Another 23% say malware has infiltrated their networks but they still don’t know how.
With 91% of successful data breaches coming from a phishing or spear-phishing email, KnowBe4 has expanded its toolset to include more advanced anti-phishing tools, with good results. Over a 12-month period, KnowBe4 analyzed 3600 phishing tests sent out to 291,000 seats. The results showed the top 4 click-bait emails, all of which bring in double-digit click rates: LinkedIn InMail at 19.9%, an email from “IT” to change your password at 18.8%, Amazon at 13.7%, and UPS at 11.4%. While a recent Proofpoint study says 1 in 10 users typically click on a malicious URL, the most recent Verizon report puts the average open rate of phishing emails at 23% and the click-through rate at 11%.
KnowBe4 CEO Stu Sjouwerman noted, “For compliance reasons, too many companies still rely on a once-a-year breakroom ‘death by PowerPoint’ training approach, or just rely on their filters, do no training and see no change in behavior. Our Kevin Mitnick Security Awareness Training is an integrated platform for awareness education combined with an extensive library of templates that allow IT managers to schedule regular phishing tests to keep users on their toes with security top of mind. After our training we see a radical decrease in clicks on phishing emails from an initial average of 16 percent to a phish-prone percentage of just 1.28% after 12 months.”
The most recent PWC 2015 Global Information Security Survey shows that businesses with security awareness programs report significantly lower average financial losses from cybersecurity incidents, and those that do not train employees reported annual losses four times greater than those that do.
According to Websense Security Labs, one-third of end users continue to click away at malicious email links, demonstrating that they are increasingly “desensitized” to warnings, lack a feeling of responsibility, and lack enterprise-driven education.
“A good security awareness program will help the user recognize red flags and give him a sense of confidence in his ability to spot a social engineering attempt,” said Sjouwerman. “It is much less expensive to train your staff than suffer the consequences of a data breach to your bottom line and the company’s reputation. As Derek Bok, former Harvard University president, once said: If you think education is expensive, try ignorance.”
For more information visit: www.KnowBe4.com
About Stu Sjouwerman and KnowBe4
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly regulated fields such as healthcare, finance and insurance, and is experiencing explosive growth, with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.
About Kevin Mitnick
Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authored three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.