Here are a few of the nuggets you will find in the report:
- 76% of organizations said they experienced phishing attacks in 2017.
- Nearly half of infosec professionals said that the rate of attacks increased from 2016 to 2017.
- The impacts of phishing were more broadly felt than in 2016, with an 80+% increase in reports of malware infections, account compromise, and data loss related to phishing attacks.
- UK organizations are more likely than their US counterparts to rely on once-a-year training models and passive security awareness training tools (like videos, newsletters, and email notifications). US organizations — which favor interactive training methods delivered on a monthly or quarterly basis — are more than twice as likely as UK organizations to report quantifiable results from their efforts.
- Smishing is a threat to watch in 2018. Our data shows that average failure rates on simulated smishing attacks are the same as those on email phishing tests. However, just 16% of global technology users surveyed were able to correctly identify the definition of smishing in a multiple-choice query.

Source: Quarterly surveys of infosec professionals for the 2018 State of the Phish Report

“The State of the Phish Report shows that simulated phishing attacks are certainly valuable tools in the battle against social engineering attacks, but it also reinforces the need for CSOs, CISOs and their teams to take a broader view of cybersecurity education,” said Joe Ferrara, Wombat President and CEO. “A cyclical approach to security awareness and training is the most effective. Organizations should employ a methodology that both raises awareness of cybersecurity best practices and teaches users how to employ these practices when they inevitably face a security threat.”