Fresh research has shed surprising light on employees’ susceptibility to falling for cyber-attacks and organisations’ resiliency when it comes to fending off phishing attacks.
The 2019 Cofense Annual Phishing Report took in data generated from millions of people, along with intelligence collected from more than 10 million phishing simulations delivered every month, to produce findings that go against the grain of popular belief.
Contrary to widely-held views, the study concluded that employees are, in fact, a powerful force in an enterprise’s phishing defence strategy.
When properly conditioned to recognise and report attacks through regular and relevant phishing simulations, organisations are more likely to successfully defend against attacks designed to compromise customer information, steal intellectual property or destroy company data and IT infrastructure.
Cofense, the leader in intelligent phishing defense solutions, has equipped more than twenty million people in organisations across the globe to report suspicious emails through Cofense Reporter, an easy-to-use, one-click email toolbar button.
“Security practitioners need to repudiate the common misconception that end users are the weakest link in organisational defence,” said Aaron Higbee, cofounder and chief technology officer, Cofense. “In fact, employees are the last and ultimate line of defence.
With more than twenty million people across the globe empowered to flag potential attacks through Reporter, Cofense is helping thousands of organisations turn their workforce into highly tuned human sensors adept at reporting suspicious emails that frequently bypass security technologies.
The research reveals three distinct best practices that help organisations strengthen their resiliency and empower their users to become active defenders against attacks:
- Reporting: Organisations that arm their workforce with a straightforward and easy way to report suspicious emails exhibit strong phishing resiliency rates; in simulation exercises, their end users report phishing emails more than twice as often as they fall for the bait.
- Frequency: Regular phishing simulations significantly improve reporting rates and drive down users’ susceptibility to falling for phishing attacks. Organisations that run 12 or more simulations per year have resiliency rates twice as high as those running fewer than 12.
- Relevance: Simulations that imitate real phish seen in the wild lead to markedly higher reporting rates and lower susceptibility rates amongst end users compared to organisations that randomly select phishing scenarios.
The ultimate pay-off of high organisational resiliency materialises when SOCs transform reported emails they receive into actionable intelligence. When well-positioned to prioritise and analyse employee-reported emails, SOCs can quickly and efficiently cut through the noise and neutralise a threat in minutes.
Report Available Now
To download the Cofense Annual Phishing Report, visit: http://phish.me/4zMY30pNtFt.
The post #Privacy: Are employees really the weakest cyber link? Not according to new study appeared first on PrivSec Report.