Phishing URLs Increase 640% as Organizations (Finally!) Embrace Security Awareness Training

The latest data from security vendor Webroot shows how cybercriminals are changing their attack methods and targets – and how Security Awareness Training makes the difference.

Webroot’s review of 2019 shows some interesting trends that will likely continue into 2020. According to the 2020 Webroot Threat Report, a few eye-opening stats come to light:

• Phishing Sites Are Constantly Changing – With more than a six-fold increase in the number of URLs used for phishing scams, it become increasingly difficult to simply stop an attack based on web address.
• Don’t use an older OS – Windows 7 is three times as likely to be attacked than Windows 10, with Webroot seeing a 125 percent increase in malware targeting Windows 7. With support for Windows 7 ending last month, this becomes worrisome if organizations remain on this unsupported OS.
• The same users become victims – Nearly half (49.6%) of business PCs that encountered an infection, did so two or more times in 2019.
• It only takes one PC – 93.6 percent of malware detections only involve a single PC.

Webroot does mention Gartner’s prediction that “by 2022, 60% of enterprise organizations will have comprehensive security awareness training programs,” citing the value of ongoing Security Awareness Training.

A recent in-depth KnowBe4 research project showed that nearly 38% of users who have not taken Security Awareness Training will fail a simulated phishing attack. But only 14% of those same users will fail within 90 days of completing their first KnowBe4 security awareness training. After at least a year on the KnowBe4 platform only 4.7% of those users will fail a phishing test.

The data here is strong – your users are still your weakest link, becoming victims time and time again. Through the use of New-school Security Awareness Training, your organization can significantly reduce the threat surface created through phishing attacks.