The HHS #1 Mitigation Practice is E-Mail Protection Systems – Phishing Simulation. Phishing attacks via email (a type of hacking attack) are the most common first point of unauthorized entry into an organization. Hackers target the weakest link, humans; social engineering accounts for 98% of ransomware attacks.
Phishing attacks are becoming more complex, and cybercriminals regularly change tactics. Spear phishing, meaning phishing attempts focused on specific individuals, accounts for 91% of successful data breaches. Businesses therefore need to constantly educate their staff members to ensure training is not forgotten and to keep employees up to date with new threats.
Phishing email simulations are also effective in reinforcing training, gauging the effectiveness of training sessions, and spotting weak points.
Analyzing 6 million users over the course of 12 months uncovered surprising results. The overall industry initial Phish-prone percentage benchmark is a troubling 27%.
Fortunately, our new-school Security Awareness Training reduced the 27% by more than half in only 90 days. The 365-day results show that by following these best practices, the final Phish-prone percentage can be reduced to a mere 2.17% on average.