By Khalifa Hemed
Published July 16, 2022
Close to 33 per cent of employees are likely to click on a phishing link according to a new report titled Phishing by Industry Benchmarking.
The report, by KnowBe4, which specialises in security awareness training and runs a simulated phishing platform, shows that without cyber security training many employees are likely to fall for phishing or a social engineering scam.
KnowBe4 says it conducted baseline testing for its Phishing by Industry Benchmarking Report to measure an organisation’s Phish-Prone Percentage (PPP), that is, how many of its employees are likely to fall for phishing or a social engineering scam. The testing indicates that without online security awareness, across all industries globally, 32.4% – 50% of employees are likely to click on a suspicious link or comply with a fraudulent request.
KnowBe4 says it analysed a data set of more than 9.5 million users across 30,173 organisations, with more than 23.4 million simulated phishing security tests across 19 industries.
When organisations implemented a combination of training and simulated phishing security testing after their initial baseline measurement, results changed dramatically. In 90 days after completing monthly or more frequent security training, the average PPP decreased to 17.6%. After twelve months of security training and simulated phishing security tests, the average PPP dropped to five percent, indicating that new habits become normal, fostering a stronger security culture.
The report notes that Africa faces a growing array of cyber threats from espionage, critical infrastructure sabotage and organized crime. It also notes a skills shortage, with a growing 100,000-person gap in certified cybersecurity professionals.
While technology plays an important role in preventing and recovering from an attack, KnowBe4 says organisations cannot afford to ignore the human factor.
“In critical industries like Energy & Utilities and Healthcare & Pharmaceuticals where lives can be severely impacted, we found particularly high levels of cybersecurity risk as a result of simulated phishing test failures,” says Stu Sjouwerman, CEO of KnowBe4. “With the steep cost of cyberattacks, this is deeply concerning. Given that most data breaches originate from social engineering, we cannot afford to omit the human element. Implementing security awareness training with simulated phishing testing will help to better protect organisations against cyber-attacks and result in a more secure organisational culture.”