Enterprise Phishing Susceptibility and Resiliency Report


Welcome to PhishMe’s 2016 Enterprise Phishing Susceptibility and Resiliency report. The report PhishMe published in 2015 focused solely on susceptibility, which told only half of the story. Now, with over 5 million active installations of PhishMe Reporter across the globe, the company can publish statistically significant metrics about the rate and accuracy with which people report phishing e-mails. PhishMe is excited to share this data, which has been missing from phishing studies in the past. Armed with this new data, PhishMe hopes that security organisations will focus their attention on the Report-to-Click ratio instead of dwelling on susceptibility metrics.

PhishMe has been collecting and aggregating phishing threat, simulation, and reporting data since 2008. This report evaluates user susceptibility, analysing why employees click on suspicious links and attachments. For the first time, it also includes an additional area of analysis, the reporting of suspicious e-mails, to measure the resiliency of conditioned employees.

To that end, this study examines data samples from more than 1 000 PhishMe customers who sent more than 40 million simulation e-mails from January of 2015 through July of 2016. Throughout, the report identifies and highlights the phishing themes and emotional motivators that users find the most difficult to recognise and report, and shows how increased reporting impacts susceptibility.

Phishing and spear phishing remain the No. 1 attack vector threatening organisations worldwide, continuing to challenge IT security teams as threat actors evolve their tactics to gain access to corporate networks, assets, and consumer data. Now, more than ever, organisations must be able to understand and identify the types of e-mail attacks, themes, and elements used to successfully phish employees, so that they can determine how best to prepare and condition those employees to identify and report suspicious e-mails to internal IT security teams.
