I don't normally pilfer from John's Your IT Consultant blog, but this story belonged in my blog too.
A new report from PhishMe found that 91% of cyberattacks start with a phish. The top reasons people are duped by phishing e-mails are curiosity (13.7%), fear (13.4%), and urgency (13.2%), followed by reward/recognition, social, entertainment, and opportunity. "Fear and urgency are a normal part of everyday work for many users," says Aaron Higbee, co-founder and CTO of PhishMe. "Most employees are conscientious about losing their jobs due to poor performance and are often driven by deadlines, which leads them to be more susceptible to phishing."
Dark Reading summarized the report findings:
Susceptibility to phishing e-mail drops almost 20% after a company runs just one failed simulation. So people do learn.
Reporting rates significantly outweigh susceptibility rates when simple reporting is deployed to more than 80% of a company's population, even in the first year.
Active reporting of phishing e-mail threats can reduce the standard time for detection of a breach to 1.2 hours on average – a significant improvement over the current industry average of 146 days. This was an important aspect of this report, notes Higbee, who says the study also includes results from more than 300,000 users in organizations that have actively used the PhishMe Reporter tool for more than one year.
The study also found that users respond to Locky ransomware's phishing lures (21.5%) more than any other malware variant. The others that followed Locky included order confirmation (17%), job application received (15.5%), and blank email (11.9%).
People can learn, but you have to help by training them and reporting the results!