KnowBe4 customers run millions of phishing tests per year, and we report frequently on the top-clicked phishing topics so that our customers know what the highest-risk phishing templates are. That way they can inoculate their employees against the most prevalent social engineering attacks.
This infographic shows the most frequently clicked phishing emails from Q1 2017, broken down into 3 categories: subjects related to social media, general emails, and 'In The Wild' attacks that our customers' employees reported to us for analysis by clicking the Phish Alert Button.
Note that these have made it through all the filters and into the inbox of the employee. A multi-layered defense is critical because each layer has different points of effectiveness and ineffectiveness. That is one of the reasons we continue to remind IT pros that creating a human firewall is an essential last line of defense which you cannot do without.
How Can I Use This Information In My Organization?
Armed with this data, customers can now schedule phishing tests to strengthen their human firewall. KnowBe4 recommends starting with 1- and 2-star level tests (these are the easier ones to spot) and, over a 12-month period, increasing the difficulty level to 4- and 5-star templates, which are much harder to identify.
You can even target specific groups, departments, and/or individuals with phish of differing maturity levels. That can allow security leaders to inject training at a maturity level that is most likely to help each group – and it also allows for some gamification.
Phishing Emails Remain the #1 Infection Vector
Fresh information from Osterman Research shows that over a 10-year timespan, since mid-2014, phishing has taken over from Web and still remains the No. 1 network infection vector. This is significant because it shows the effectiveness of a ‘push’ model as the attack vector. In other words, the attackers aren’t merely placing what are in effect landmines out on the web and hoping that people will stumble over them. The graph below was updated this week.
Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old-school Security Awareness Training doesn’t hack it anymore. More than ever, your users are the weak link in your network security. Get a product demonstration of the innovative KnowBe4 Security Awareness Training Platform. In this live one-on-one demo we will show you how you can:
NEW Access to the world's largest library of security awareness training.
NEW Social Engineering Indicators technology turns every simulated phishing email into a tool you can use to instantly train employees.
Send Simulated Phishing tests and drive down the Phish-prone percentage.
Advanced Features: EZXploit™ automated "human pentest". USB Drive Test™
Active Directory Integration allows you to easily upload and manage users.
Reporting to watch your Phish-prone percentage drop, with great ROI.