KnowBe4 customers run millions of phishing tests per year, and we report frequently on the top-clicked phishing topics so that our customers know what the highest-risk phishing templates are. That way they can inoculate their employees against the most prevalent social engineering attacks.
This infographic shows the most frequently clicked phishing emails from Q1 2017 broken down into 3 categories: subjects related to social media, general emails and 'In The Wild' attacks that we received from our customers by employees clicking the Phish Alert Button and sending the email to us for analysis.
Note that these have made it through all the filters and into the inbox of the employee. A multi-layered defense is critical because each layer has different points of effectiveness and ineffectiveness. That is one of the reasons we continue to remind IT pros that creating a human firewall is an essential last line of defense which you cannot do without.
How Can I Use This Information In My Organization?
Armed with this data, customers can now schedule phishing tests to strengthen their human firewall. KnowBe4 recommends to start with 1- and 2-star level tests --these are the easier ones to spot -- and over a 12-month period increase the difficulty level to 4- and 5-star templates which are much harder to identify.
You can even target specific groups, departments, and/or individuals with phish of differing maturity levels. That can allow security leaders to inject training at a maturity level that is most likely to help each group – and it also allows for some gamification.
Phishing Emails Remain the #1 Infection Vector
Fresh information from Osterman Research shows that over a 10-year timespan, since mid-2014, phishing has taken over from Web and still remains the No.1 network infection vector. This is significant because it is seeing effectiveness in a ‘push’ model as the attack vector. In other words, the attackers aren’t merely placing what are in-effect landmines out on the web and hoping that people will stumble over them. The graph below was updates this week.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
