Training Cuts Phishing Success

A new study by a security training company has found that even a few months of security awareness instruction can have a big impact on how well recipients respond to phishing attempts. In the education segment, specifically, KnowBe4 found that 27.16 percent of staff were "phishing-prone" — likely to open e-mails or click on files containing malware. After three months of training, the same people were 30 percent less likely to open such e-mail; and after a year, they were 88 percent less likely to do so.

KnowBe4 sells online training that's intended to help employees "make smarter security decisions." E-mail phishing, along with social engineering, is a common way for malware to make its way onto school networks.

For the recent study, the company drew from its database of 11,000 organizations, employing more than 6 million users. The phish-prone percentage was calculated by the number of people who clicked on a simulated phishing e-mail link or opened an infected attachment during a testing campaign that used the KnowBe4 platform. While the research project examined every type of business represented in its customer base, education fell right into the average of about 27 percent across all industries.

Small educational organizations — those with under 250 employees — were at the greatest risk, with phish-prone staffers making up 29 percent of all employees, compared to 26 percent of schools with 250 or more employees. After three months of computer-based training that used sample phishing e-mails, the smaller organizations saw the greatest gain, dropping to 17 percent vs. 20 percent for the larger entities. Following a full year of training and at least 10 phishing tests, in schools with fewer than 250 staff members, just 3 percent were likely to fall for a phishing test compared to 4 percent for their larger brethren.

KnowBe4's website includes a free tool that, with registration, allows IT organizations to run a phishing security test among employees, up to 100 users. Subscription pricing for the training service is based on a per-user, per-year basis.

"The new research uncovered some surprising and troubling results," said company CEO Stu Sjouwerman, in a press statement. "However, it also demonstrates the power of deploying new-school security awareness training by lowering a 27 percent Phish-prone result to just over 2 percent."

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • silhouetted human figures stand opposite a glowing digital brain, surrounded by abstract circuits and shadowy shapes

    Tech Execs Expect AI Advancements to Increase Security Threats

    Forty-one percent of tech executives in a recent international survey said they believe advancements in AI will significantly increase security threats. NetApp's second annual Data Complexity Report points to 2025 as "AI's make or break year."

  • minimalist geometric grid pattern of blue, gray, and white squares and rectangles

    Windows Server 2025 Now Generally Available

    Microsoft has announced the general availability of Windows Server 2025. The release will enable organizations to deploy applications on-premises, in hybrid setups, or fully in the cloud, the company said.

  • glowing AI symbol integrated into a stylized cloud icon, surrounded by interconnected digital nodes and translucent security shields, set against a gradient white-to-blue background with grid lines and abstract risk charts

    Cloud Security Alliance Report Offers Framework for Trustworthy AI

    A report from the Cloud Security Alliance highlights the need for AI audits that extend beyond regulatory compliance, and advocates for a risk-based, comprehensive methodology designed to foster trust in rapidly evolving intelligent systems.

  • computer monitor with glowing digital data and graphs bursting out in an abstract, energetic explosion of lines and elements against a dark background

    New OpenAI Agent Turns ChatGPT into a Research Analyst

    OpenAI has unveiled a new "Deep Research" feature that enhances ChatGPT with the capabilities of a "research analyst" that automates time-consuming research by retrieving, analyzing, and synthesizing online information.