More employees than ever before are accidently clicking on phishing e-mails, according to Terranova Security, who partnered with Microsoft during 11 days in October to test hundreds of companies in 98 countries in what they call their “Gone Phishing Tournament.”
Here’s what you need to know: Compared to 2019, the results of the 2020 report show just how imperative it is to train your employees to be able to identify and catch phishing attempts. While only 11.2% of employees clicked a link in 2019, almost 20% clicked in 2020.
Of those that clicked in 2019, only 16.2% submitted their password, sending their data to another party unknowingly. However, in 2020, that figure shot up to 67.5% of all those that clicked submitting passwords.
As Terranova notes in the report, when using a company with 1000 employees, “Based on these overall results, had this phishing simulation been an actual attack, nearly 200 employees would’ve clicked on the phishing email link and 134 of those individuals would’ve had their login information compromised, all during a single phishing incident.”
What might be even more concerning is that the top industry fooled by the phishing attempts was the Public Sector.
When looking just at SMBs, the report states that 20% of employees were fooled, with 58% of that group going as far as to submit, and thus compromise, their confidential information.
According to Terranova, “The rising popularity of remote workforces almost certainly means that employees will be interacting and sharing information with external contributors, vendors, and partners more frequently. This reality only makes effective phishing training more critical because of the increased variables that are not within its control.”
Their suggestion? Make phishing simulation training a priority.