In an analysis done by KnowBe4 of 201,755 phishing emails sent over the past 30 days, it was found that men appear to be more prone to clicking on a phishing email than women.
In further analysis, when tested over a 120-day period with simulated phishing emails that led to a data entry landing page and asked for input of credentials, men were found to give up credentials 225% more than females. Here are the numbers:
The average of the male Data Entry percentages is 4.05% and the average Data Entry for females is 1.80%, which makes for males being 225% more likely to enter their credentials.
This is the first specific information revealing that type of pattern in non-secure behavior, and it has prompted the launch of a detailed scientific study which takes into account gender, position and other factors. It will also evaluate the effectiveness of training methods to remediate these behaviors.
Most companies hover around an average of 16% of their as-yet untrained staff being prone to phishing. Over time, as they are trained with interactive training and simulated phishing attacks, we have seen the likelihood of employees being fooled drop considerably, typically down toward the 1-2% mark. We are very excited to find out more about these differences and how to make security awareness training even better.
According to a study from Osterman Research, 5 out of 6 of the most serious concerns of security-focused decision makers are directly related to phishing or its aftermath. The study suggests companies implement a variety of best practices to address the security gaps that have been identified. The study stated: “It is important to invest sufficiently in employee training so that the ‘human firewall’ can provide the best possible initial line of defense against increasingly sophisticated phishing and other social engineering attacks.”
Small to medium-sized businesses are selected by cyber criminals as a primary focus for attacks like ransomware, using phishing emails as a ploy to get in and gain access. These companies often lack an effective backup or more sophisticated technical solutions but can afford to pay a $500-$700 ransom fee. It is very often these employees that click on emails with malicious attachments.
Trend Micro analyzed clicks on CryptoWall ransomware links during the June-July 2015 time frame. A whopping 67% of the links were opened by SMBs. Large enterprises followed with 17%, and third came consumers with just 13%.
New-school security awareness training is really needed for every employee in any organization. It allows you to put in place a more effective human firewall and protect your corporate and financial assets. Ask for a quote and be pleasantly surprised how affordable it is: