Sep 19, 2017 SOURCE: PR NewsWire

Beyond the Phish Report from Wombat Security Reveals the No. 1 Problem Area for End-Users is Protecting Confidential Information

PITTSBURGH, Sept. 19, 2017 /PRNewswire/ -- Wombat Security Technologies (Wombat), the leading provider of cyber security awareness and training, today announces the release of its 2017 Beyond the Phish Report. The analysis of more than 70 million questions and answers - a significant increase from 20 million in 2016 - across 10 categories identifies strengths and weaknesses tied both directly to phishing and threats beyond the phish. The report examines end-user knowledge of business-critical best practices such as data protection measures, mobile device security, safe social sharing and password hygiene. Understanding of these knowledge levels is critical as poor cyber hygiene in these areas can compound the phishing threat and weaken security postures in general.

Though there is a modest overall improvement in the rate of questions answered incorrectly compared to 2016, a drop of nearly 10%, gains and losses in various categories offset each other. In addition to analyzing results by category level, Wombat also examined industry data to see how various industries compared on both a general and category-specific level. Highlights from the 2017 User Risk Report are incorporated throughout to compare knowledge levels to admitted end-user behaviors.

"We continue to see in our year-over-year results that reinforcement and practice are critical to learning retention. As with any learned skill, organizations need to work on cybersecurity awareness and knowledge to see continual improvements," said Joe Ferrara, President and CEO of Wombat. "Organizations that focus on building a culture of security and empowering their employees to be a part of the solution develop the most sustainable and successful security awareness training programs. By sharing our data in the Beyond the Phish Report, we hope to be a part of building those cultures and helping organizations successfully change behavior in previously undiscovered areas of vulnerability."

Key areas from the report analysis that reveal room for improvement include the following:

    --  The number one problem area for end users, with 26% of questions missed,
        is protecting confidential payment card and healthcare information.
        Users struggled the most with questions around the use of shared login
        credentials.
    --  Protecting mobile devices and information saw the most significant
        downgrade in performance year-over-year, with users struggling to
        understand the implications and ramifications of unsafe mobile
        applications and invasive permissions.
    --  Employees in healthcare, transportation and retail performed the lowest
        on average across all categories.
    --  End-users across all industries answered a quarter of questions
        incorrectly around the protection and disposal of personally
        identifiable information.
    --  All but one industry performed worse in questions around using the
        internet safely after positive numbers in 2016, showing that
        organizations cannot make assumptions about levels of risk from one year
        to the next.

While there is always room for improvement with regard to managing end-user risk, the 2017 Beyond the Phish Report also highlights categories and industries in which employees are improving year-over-year and have answered the highest percentage of questions correctly:

    --  All industries saw an improvement over 2016 in questions around
        identifying phishing attacks. The rate of incorrectly answered questions
        was 24% on average in 2017 compared to 28% on average in 2016.
    --  Social media use saw the largest year-over-year improvement, a positive
        trend as the use of social media platforms continues to rise globally.
    --  Working safely outside the office also showed a significant improvement
        year-over-year, which continues to be important to organizations as 43%
        of employees work remotely at least part of the time according to
        Gallup.
    --  On average, end-users performed well on the new category around
        protecting yourself against scams, which focuses on the recognition of
        different types of social engineering techniques.
    --  As in 2016, the best understood category for end-users focused on
        password safety where only 12% of answers were incorrect in 2017.

Furthermore, the 2017 Beyond the Phish Report shows it's important for organizations to use a combination of simulated attacks and question-based knowledge assessments to evaluate their end users' susceptibility to phishing attacks. For example, the 2017 State of the Phish Report revealed an 18% click rate on phishing attacks with healthcare employees, yet 26% of questions around phishing were answered incorrectly in this same industry. Using both types of assessment tools gives a more complete picture of vulnerability.

About the Beyond the Phish Report
The 2017 Beyond the Phish Report evaluated more than 70 million questions answered by the end-users of Wombat Security customers in ten categories within Wombat's CyberStrength® Knowledge Assessments and training modules from June 2016 through May 2017. The report highlights strengths and weaknesses tied both directly to phishing and goes beyond the phish to analyze knowledge of other business-critical practices, including data protection measures, mobile device security, safe social sharing, and password hygiene. You can download the full report here.

About Wombat Security Technologies
Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS-based cybersecurity education solutions include a platform of integrated broad assessments, as well as a library of simulated attacks and brief interactive training modules. Wombat's solutions help organizations reduce successful phishing attacks and malware infections up to 90%. Wombat, recognized by Gartner as a leader in the Magic Quadrant for Security Awareness Computer-Based Training Vendors, is helping small and medium businesses, as well as Fortune 1000 and Global 2000 customers in industry segments such as finance and banking, energy, technology, higher education, retail, and consumer packaged goods to strengthen their cybersecurity defenses.

View original content with multimedia:http://www.prnewswire.com/news-releases/beyond-the-phish-report-from-wombat-security-reveals-the-no-1-problem-area-for-end-users-is-protecting-confidential-information-300521521.html

SOURCE Wombat Security Technologies

Related News

Fortress Information Security Adds New Partner In Securing U.S. Power Grid

Information Security Forum Launches Threat Horizon 2022

RunSafe Security Appoints Veteran Security Experts to Technical Advisory Board

Harold Gonzalez Named loanDepot Chief Information Security Officer

New KnowBe4 Study Finds Leaders Value Strong Security Culture But Struggle to Define and Implement It

SlashNext Launches URL Analysis & Enrichment to Automate Phishing Incident Response

NetSTAR Sees Rise in Phishing Scams Related to COVID-19

Battling Cybercrime by Adding Cloud Internet Security to SD-WAN

View all News

Latest Procurements

Work Health and Safety Management System Software

The National Capital Authority are seeking a work health and safety management system (WHSMS) software package.

Industry Briefing April 2024 - Defence Estate Capital Works Program

On 17 April 2024, the 2024 National Defence Strategy and Integrated Investment Program was launched. Defence invites industry to attend a virtual briefing in relation to the Defence estate and...

Community Perceptions Survey

This Approach to Market (ATM) is for the provision of a supplier to manage the communication of the Community Perception Survey

View all Procurementsp

Agenda

June

FranceParc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024, 17 - 21 June 2024, Parc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024 There can be no sustainable world without peace and security. Founded in 1967, the exhibition...

May

Paris Marriott Rive Gauche & Conference Center

Future Artillery, 21-23 May 2024, Paris Marriott Rive Gauche & Conference Center, France

DELIVERING FIRES IN THE MULTI-DOMAIN BATTLESPACE As artillery reasserts itself as the ‘King of Battlefield’ in the wake...

May

United Arab EmiratesADNEC (Abu Dhabi National Exhibition Centre), Abu Dhabi, Al Khaleej Al Arabi St - Al Rawdah - Al Ma'arid - Abu Dhabi, UAE

ISNR Abu Dhabi 2024, 21-23 May 2024, ADNEC (Abu Dhabi National Exhibition Centre), Abu Dhabi, Al Khaleej Al Arabi St - Al Rawdah - Al Ma'arid - Abu Dhabi, UAE

ISNR ACCELERATING TRANSFORMATION IN THE NATIONAL SECURITY ECOSYSTEM ISNR Abu Dhabi is the region’s most trusted...

View All Events

Companies

INDUMIL - Industria Militar

Guizhou Aviation Industry Import/Export Co. (GAIEC)

RT Systems Ltd.

View All Companies