More Attention to Threats Yields a Better Informed Employee Base
In reviewing the results from the Beyond the Phish Report, Derek Brink, CISSP, Vice President and Research Fellow, Aberdeen Group, said, “We should all be thankful to Wombat Security for sharing empirical data from nearly 20 million actual end-user assessments! The findings here are clear — organizations that measure user knowledge on a variety of security topics are gaining valuable insights into the most important factors of security risk, which can focus their efforts to address it.
“Depth of data, combined with a continuous, metrics-based approach to end-user security education, results in a solid knowledge improvement program. In my own analysis, successfully changing user behaviors has helped Wombat customers reduce security-related risks by about 60%.”
While there is room for improvement in all risk areas, the report also highlights categories where employees have answered the highest percentage of questions correctly. Not surprisingly, these were topic areas that organizations were also highly likely to assess.
- 90% of questions about building safe passwords were answered correctly.
- 85% of questions on how to best protect against physical risks, such as ensuring no one follows you into a secure area or not leaving sensitive files on your desk, were answered correctly.
- 79% of organizations assess end users on internet safety, and 84% of the questions in this category were answered correctly.