Our Business Support Administrator Megan clicks the link in the phishing email sent by our Business Manager, Keven. Instantly, Kev gets a notification that someone from his sample group has clicked the dodgy link and assigns them anti-phishing training.
This was a test of our new phishing training platform, and Kev directly asked Megan to click the link. But in an everyday situation, how many of your employees would have clicked and tried to claim their free pizza, or download an unexpected invoice, or learn about the generous new bonus scheme?
According to Verizon’s Data Breach Investigations Report, 82% of breaches in 2022 involved the human element, including phishing, stolen credentials, and error. 35% of ransomware incidents were triggered by email phishing attacks. And:
“… while only 2.9% of employees may actually click on phishing emails, a finding that has been relatively steady over time, that is still more than enough for criminals to continue to use it. For example, in our breach data alone, there were 1,154,259,736 personal records breached. If we assume those are mostly email accounts, 2.9% would be 33,473,532 accounts phished (akin to successfully phishing every person in Peru).”
(Verizon 2022 DBIR, p. 34)
Technically experienced individuals aren’t immune either: the highly successful and hugely respected Linus Tech Tips YouTube channel, which boasts 6.8 billion views and 15.3 million subscribers (correct as of March 2023), was temporarily lost to cryptocurrency scammers after one of the team fell victim to a phishing attack.
If current phishing attempts are sophisticated enough to catch out even those who are very scam-aware, how can your organisation identify the 2.9% of its workforce likely to fall prey to a phishing email? More importantly, how do you stop them clicking that link?
There’s no easy fix, but regular and focused training can help. ID Cyber is partnering with EC-Council to offer Aware, a phishing simulator and training platform, which we will be releasing in the coming weeks. Through the platform, we can send your employees tempting emails, identify who opens the message and/or clicks the dodgy link (which diverts to a page to alert them to the phish), and assign targeted training based on their level of interaction. Emails are designed to be as convincing as possible while still showcasing key features that employees should look out for, and that are reinforced through the post-simulation training. Finally, the system generates advanced reports so that you can track how well your employees are performing in phishing tests and whether they’ve completed the training they’ve been set.
Register Your Interest Today
Interested in making your employees more Aware? Register your interest via the contact form to be notified when the platform is available.