itb-au logo
Story image

Do we need cybersecurity training? Phishing remains problem area

There is a need for ongoing education in cybersecurity to significantly reduce the risks of attacks, according to the findings of a new report from Proofpoint. 

In its fourth annual Beyond the Phish report, which examines end-user understanding of a broad range of cybersecurity topics and best practices, it was revealed that end users incorrectly answered one in four questions about phishing.

The report features analysis of data related to nearly 130 million cybersecurity questions and offers insights into employee knowledge levels across 14 categories, 16 industries, and more than 20 commonly used department classifications.

“Cybercriminals are experts at gathering personal information to launch highly targeted and convincing attacks against individuals,” says Amy Baker, vice president of Security Awareness Training Strategy and Development for Proofpoint. 

“Implementing ongoing and effective security awareness training is a necessary foundational pillar when building a strong culture of security. Educating employees about cybersecurity best practices is the best way to empower users to understand how to protect theirs and their employer’s data, making end users a strong last line of defense against cyber attackers," she explains.

Phishing remains a leading concern for organisations worldwide. Overall, one in every four questions in the “Identifying Phishing Threats” and “Protecting Data Throughout Its Lifecycle” categories were answered incorrectly. 

The report signifies that while employees have become more familiar with the hallmarks of phishing attacks and the need to protect data, knowledge gaps remain that cybercriminals can exploit.  The report found that 83% of global organisations experienced phishing attacks in 2018, underscoring the urgent need to educate end users.

Additional 2019 Beyond the Phish key findings include:

  • Communications was the best performing department, with end users correctly answering 84 percent of questions.
  • Finance was the best performing industry, with end users answering 80% of all questions correctly.
  • End users in the Insurance industry delivered the best performance in three of the 14 categories analysed, specifically excelling in the “Avoiding Ransomware Attacks” category.
  • Customer Service, Facilities, and Security were among the worst performing departments, incorrectly answering an average of 25% of cybersecurity questions asked. As these are respondent-defined department designations, the Security department could include both physical security and cybersecurity.
  • End users in the Education and Transportation industries struggled the most, on average, answering 24% of questions incorrectly across all categories.
  • Hospitality employees scored the lowest in three categories, including “Physical Security Risks,” in which 22% of questions were answered incorrectly.

"Organisations need to be persistent and thorough in their security awareness training programs considering the end-user behaviours that influence and impact overall security postures," says Baker. 

"This annual report reiterates the need to go beyond the use of phishing tests to evaluate end-user susceptibility and cyber threat knowledge.

“It’s important to remember that not all security incidents stem from an attack; many issues result from limited awareness and poor security practices. Our research has shown a significant increase in safe behaviours when organisations take a well-managed, continuous approach to training across all cyber topics," she explains.

Story image
Aussie businesses turn to financial automation during time of economy uncertainty
“Cloud-based solutions are becoming an increasingly useful tool for improving online experience, accelerating speed to market and contributing to the easing of operational cost pressures; all of which is business critical right now.” More
Link image
The blueprint for hybrid IT and edge deployments
To compete in an environment getting closer to the edge, enterprises must turn to colocation and interconnection to rich ecosystems to help regain control over networking.More
Story image
Gartner: By 2023, 65% of the world will have personal data covered under modern privacy regulations
“Security and risk management (SRM) leaders need to help their organisation adapt their personal data handling practices without exposing the business to loss."More
Story image
Ericsson bolsters 5G portfolio with $1.1b Cradlepoint buyout
Ericsson will acquire Cradlepoint to create greater market share in the enterprise 5G space, boosting Ericsson’s existing 5G portfolio that includes IoT and enterprise network solutions.More
Story image
Blue Prism extends human-to-digital worker collaboration with new Interact capability
Blue Prism Interact is a human-to-digital worker collaboration capability that enables employees to team up with digital workers to initiate, instruct, verify, receive, and authorise a variety of business processes through the digital workforce.More
Story image
Fortinet’s ‘zero trust’ approach redefining security
Cornelius Mare, Fortinet A/NZ Director, Security Solutions, explains why taking a ‘zero trust network access’ approach to cybersecurity requires fully-integrated and comprehensive security services and policies.More