Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Users Are Still Falling for Phishing Attacks. Want to Know Why?

    user phishing attackWith phishing and spear phishing so prevalent as the primary initial attack vector for malware, ransomware, and data breach attacks, why aren’t users getting wise.

    There’s no denying that phishing is a problem. With increases in phishing attacks as much as 6000%, cybercriminals have zeroed in on their easiest (and most helpful) part of your security to bypass: your users. Your users play a needed role in attacks – the initial launching of malicious software, scripts, or documents through links or attachments.

    Without your users, the bad guys have no ability to infect your environment.

    But, it’s not like phishing is something new. Organizations are keenly aware that it’s a problem – so much, that they spend material portions of the IT budget on solutions aimed at detecting and blocking malicious web and email content. Even so, a portion of phishing attacks still make it all the way to the user’s Inbox… and users fall for the well-crafted social engineering incorporated in the phishing attack.

    So, why do users still fall for these attacks when they know phishing emails exist and they are a target?

    Suelette Dreyfus, an academic specialist at the School of Computing and Information Systems at the University of Melbourne, spoke at Australia’s ITWeb Security Summit this year on the very subject. According to Dreyfus, part of the issue is the massive amount of email received: “Surely, people getting a lot of external mails, would ‘wise up?’ In real life, any awareness of phishing was often overwhelmed by the constant ‘tsunami’ of mails.” Another problem is the

    Another issue is the perceived security of the office environment by users. According to Dreyfus, “so, goes the thinking of the employee, there is less chance they’ll encounter a suspicious mail.” It demonstrates that organizations aren’t doing enough educating of their employees through Security Awareness Training about their importance and necessity of their role in the organization’s security.

    Lastly, the security culture within the organization is important. According to Dreyfus, “Cyber security has to wrap around the processes of the human, not impose from the top down.” In essence, organizations need to make good cybersecurity practices an integral part of a user’s everyday functions. This, too, is stressed within Security Awareness Training.

    Users remain the weakest link in your security strategy. It’s time to “patch” this vulnerability through proper education, teaching users not just what to do to avoid becoming a victim, but why as well.

     

    Return To KnowBe4 Security Blog

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    PST ResultsHere's how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry

    Go Phishing Now!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/phishing-security-test-offer

    Topics: Phishing, Spear Phishing

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews