The latest data from Proofpoint shows improvement in user cyber-awareness, but organizations have a long way to go before they can consider users able to help prevent attacks.
You can put every security solution in place that you want and some percentage of malicious emails, webpages, and social engineering scams will still make it through to your users. It would certainly help if your users had – at a bare minimum – a basic understanding of the terms used to describe cyberattack methods. Knowing that these attack types exist is not effective in stopping attacks, but it would elevate a user’s awareness and perhaps lower the organization’s risk.
But, according to Proofpoint’s 2019 State of the Phish Report, users lack even the most basic education. When asked very rudimentary questions, the following average percentage of users globally got them wrong or didn’t know the answer:
- What is Phishing? 34%
- What is Ransomware? 55%
- What is Smishing? 77%
- What is Vishing? 81%
The Proofpoint data points out the need for organizations to assume their users, in general, have zero idea about cyberattacks and to acknowledge the inherent risk that brings. When users aren’t educated on cyberthreats, they become easy prey for cybercriminals.
Organizations seeking to elevate their users’ understanding of cyberattacks, the methods used, the role played by social engineering, how to spot suspicious web pages, text links, and emails – and why they should care – need to implement continuous Security Awareness Training and phishing testing. The training makes users realize the need to be vigilant and gives them the skills to recognize maliciously intended content. The testing provides organizations with a feedback loop, helping to identify which users remain a weak link in their user security.
Users today by and large have no real understanding of the attacks that will and do make it to their inbox or web browser. Education is the key to “patching” this insecure part of your security strategy.