PhishMe has teamed up with the University of Cambridge and London School of Economics to compile its 2015 Enterprise Phishing Susceptibility Report, a document analysing employee behaviour pertaining to highly effective phishing scenarios. Looking at over 8 million emails in their research, PhishMe were able to identify which type of attack emails have the highest penetration rates and provide guidance on how to reduce the risk posed.
Phishing is the most common cyberattack vector in use today, with countless numbers of scam emails be delivered to inboxes every day. The most salient of the findings were related to understanding which type of attacks had the highest penetration rates, including:
- 87% of the employees who opened a phishing simulation email did so on the day it was sent – which means organisations have little time to catch a targeted attack aimed at multiple employees.
- 67% of those who responded to a phishing email are repeat offenders and likely to respond to another phishing attempt.
- Business communication themed emails were most effective at phishing; those with the subject lines “File From Scanner” (36%) and “Unauthorised Activity/Access” (34%) had the highest penetration rates.
However, PhishMe didn’t stop there. They also wanted to see how risk can be reduced, so they tested behavioural conditioning techniques in order to aid employees in spotting the bad emails. In their trial, they found behavioural conditioning decreased susceptible employees’ likelihood to respond to a malicious email by 97% after just 4 simulations.
“Analytics resulting from the report reveal three very pertinent conclusions — that enterprises remain vulnerable to phishing-driven compromises, they need to place more reliance on employees to help them defend their organisations, and consistent training turns employees into informants that can spot attacks before they turn into catastrophes,” said Rohyt Belani, CEO and co-founder, PhishMe.
To view the full research report findings, visit http://phishme.com/enterprise-phishing-susceptibility-report/