KnowBe4, the provider of the world's largest platform for security awareness training and simulated phishing, has published the "Phishing by Industry Benchmark Report 2022". The underlying Phish-Prone™ Percentage (PPP) measures an organization by how many of its employees are likely to fall for phishing or a social engineering scam.

With ransomware payments averaging $580,000 in 2021 and business email compromise (BEC) losses averaging $1.8 billion in 2020, a cyberattack can have devastating consequences for a business. However, baseline testing conducted for the report found that without security awareness training across all industries worldwide, 32.4 percent of employees would likely click on a suspicious link or comply with a fraudulent request. In some large industries, such as consulting, energy and utilities, and healthcare and pharmaceuticals, the percentage is over 50 percent.

In the European region, the results were slightly better: 29.9 percent of untrained employees across all industries and company sizes were likely to click on a suspicious link or comply with a fraudulent request, compared to 31.1 percent in larger companies (more than 1,000 employees).

KnowBe4 analyzed a dataset of over 9.5 million users across 30,173 organizations with over 23.4 million simulated phishing security tests across 19 different industries. The resulting baseline PPP measures the percentage of employees at organizations that had not completed KnowBe4 security training and who clicked on a simulated phishing email link or opened an infected attachment during testing. You can learn more here: https://www.knowbe4.de/wissen/phishing-benchmark-report

Mimikama tips

How can companies and employees protect themselves?

Many attacks are based on so-called “social engineering”. Before an attack, criminals collect information about a company, the company's processes and systems and its employees. This information is used to deceive employees into disclosing confidential information or data, making transfers or granting criminals internal access to the company.

Strengthening employees when it comes to cybersecurity is central to protecting the entire company. The following tips should therefore be observed:

  • Is the source trustworthy? Before you follow requests you receive by email, text message or telephone, you should ask yourself who the request is coming from. Does the sender address actually match the real company address? Do you know the phone number? Is the phone number suppressed? If so, isn't that a bit unusual for the CEO?
  • What does the sender know about you and the company? Cybercriminals can find out a lot of information about you or a company, but sometimes important information is missing. Here, too, it is important to think for a moment about whether you are even allowed to disclose certain changes or data or whether additional steps or information are necessary.
  • Does the request make sense? Your managing director absolutely needs several million euros now that a deal has been concluded? But have there been any negotiations for such a million-dollar deal recently? And wouldn't your CEO close the deal another way? Before you act, you should also think about the meaningfulness of the request. For example, it is unusual for your bank to want access data over the phone.
  • Use official channels! You should not enter secret data over the phone or via a link in a dubious email. Always log in via official websites and use an additional, independent communication channel to verify the identity of the person making the request!
  • Don't let yourself be pushed! If the urgency of a matter is emphasized, you should be particularly careful. With this method, criminals try to force quick action without the victims being able to think about the request. Explain that you need more time and need to talk to your manager about it.



