Employees who always click on links in phishing emails – report
“The third edition of the report is a powerful reminder to organizations around the world that the deployment of real-world phishing simulations as an educational tool is more crucial than ever,” said Lise Lapointe, CEO of Terranova Security and author of the report. “By testing end-user knowledge with simulated attacks similar to threats they may encounter in their day-to-day operations, organizations can more easily change user behaviors and protect their sensitive information.”
Employees in finance and insurance were among those with the highest click-through rates at 26.6%, falling just behind participants in the education sector, who had a click-through rate of 27.6%. Information technology end users ranked third with a click-through rate of 25.6%. All three industries had above-average phishing email click-through rates.
In terms of download rates, the finance and insurance industry ranked slightly above the test average at 14.6%, falling to fourth on the list. Participants from the education and IT industries recorded the highest percentage of downloaders at 21.9% and 21.6%, respectively.
The IT industry also had the highest click-to-download ratio of any industry, with 84% of those who clicked the initial phishing link ultimately downloading the malicious file.
The report also showed that organizations with more than 3,000 employees performed the worst of any size segment, with an email link click-through rate of 18% and a document download rate of 12%. Of all the size brackets, they also had the highest click-to-download ratio at 66%.
Of the five regions where phishing tests were conducted, organizations in North America performed the best, claiming both the lowest email link click-through rate (19.2%) and the lowest document download rate (11.8%). As a result, the click-to-download rate for North American businesses was significantly lower than all other regions, at 61.5%.
The numbers contrasted sharply with last year’s results, which placed North America last compared to other regions. The top performing region from the previous event, Latin and South America, had the second highest click-to-download rate (78.6%) in 2021.
After outperforming their North American counterparts in 2020, European organizations posted higher rates in all areas in 2021, including a click-to-download rate of almost 74%, up more than 12 percentage points compared to last year.
“It is clear that there is room for improvement in all areas,” said Theo Zafirakos, chief information security officer at Terranova Security. “Establishing, maintaining and optimizing a training program that incorporates ongoing awareness activities and phishing simulations is an essential part of strong information security.”
“Phishing threats have become more and more frequent [over the years],” he added. “Organizations need to take this reality seriously and implement strong awareness training initiatives.”