Any time an end user recognizes a suspicious email and decides to not click on a link or download an attachment, it’s a victory for infosec teams, and attack avoidance is the most obvious goal of anti-phishing training. But it’s not enough for users to avoid clicking on a phish, as several presenters observed at the 2018 Wombat Wisdom Conference — they should also be empowered to report suspicious messages.
Users and infosec teams both stand to benefit from tools that streamline email reporting and analysis. For example, our PhishAlarm® email reporting button gives users a quick, simple way to forward suspicious messages to designated inboxes (with headers intact). It can also be combined with companion tools like PhishAlarm® Analyzer that help infosec teams respond more quickly and effectively to these potential attacks. (PhishAlarm and PhishAlarm Analyzer are optional free add-ons for our ThreatSim® Phishing Simulations product.)
Avoiding Clicks and Reporting Phish Go Hand in Hand
Effective security awareness training can dramatically decrease click rates on simulated phishing emails, which indicates end users are becoming more skillful at identifying and avoiding phishing emails. In conjunction with teaching avoidance, users should be taught to report any message that seems suspicious.
As part of our 2019 State of the Phish Report, we analyzed tens of millions of simulated phishing emails sent to our customers’ end users over a one-year span. Across all phishing campaigns and all industries, we observed an average failure rate of 9% — the same as in the previous year’s report. But one area where we saw a major change was in suspicious email reporting, with nearly 5.5 million reported by users during our measurement period — a 180% year-over-year increase.
Source: 2019 State of the Phish Report
This drastic increase reflects several factors: the wider adoption of our PhishAlarm reporting button and PhishAlarm Analyzer prioritization; our customers’ increased emphasis on reporting; and end users’ heightened phishing awareness (and application of lessons learned).
Putting Security Awareness into Action
The benefits of driving increased phishing awareness and end-user reporting can be seen in our case study for the City of Garland — a large community that is part of the Dallas/Fort Worth metroplex in Texas, U.S. When the City first implemented our security awareness training solutions, delivered through our partner Future Com, the users’ baseline failure rate was 31%. Within two years, the average failure rate across all campaigns had steadily dropped to just 3.4%. As users learned to identify the hallmarks of phishing attacks, they also began to report suspicious emails.
As part of its security awareness training program, the City installed our PhishAlarm button, making it easy for users to report suspicious emails and giving administrators visibility into the number and types of messages submitted. Within a handful of months, employees had used PhishAlarm to report more than 200 emails; of these, a third were simulated phishing attacks, and more than two-thirds were classified as potential phishing emails.
3 Benefits of Streamlined Email Reporting and Analysis for Users and Infosec Teams
1. Keeping Users Engaged and Alert
When users are aware of their important role in security and can easily report suspected phishing, it lets them put anti-phishing training into practice and keeps their skills fresh. PhishAlarm allows you to acknowledge the value of these actions via a thank-you email or pop-up message, which is a great way to build user confidence and offer positive reinforcement.
2. Measuring the Effectiveness of Security Awareness Training
An increase in email reporting indicates that users are being more diligent about the email they receive, and more thoughtful about the actions they’re taking. With PhishAlarm, you can easily track reporting metrics, which gives you an additional way to measure effectiveness and demonstrate ROI.
3. Reducing the Window of Active Phishing Attacks
While many other providers only offer simple reporting buttons, we go beyond by delivering valuable threat intelligence that helps infosec teams focus on the emails that are most likely to be phish. A time-saving tool, PhishAlarm Analyzer automatically prioritizes reported emails, filtering out whitelisted email addresses, system notifications, and simulated phishing attacks.
PhishAlarm and PhishAlarm Analyzer are also core components of our integrated Closed-Loop Email Analysis and Response (CLEAR) solution. CLEAR further streamlines reporting and remediation, reducing the time needed to neutralize an active threat from days to minutes. Once reported messages are analyzed against multiple intelligence and reputation systems, malicious emails can be deleted or quarantined with a single click.
