End Users Getting Better at Identifying Phishing Attacks

Users today are more likely to recognize a phishing attack than they were a year ago, according to data from Wombat Security Technologies. In the 2017 Beyond the Phish Report, the security awareness and training company analyzed the results of more than 70 million questions answered by end users who completed its assessments and training modules, covering a variety of information security topics. The users came from a range of industries, including healthcare, retail, manufacturing and education. Across all industries, users performed better this year on questions around identifying phishing attacks, answering incorrectly only 24 percent of the time on average, compared to 28 percent in 2016.

Other bright spots include:

  • Questions on social media were answered incorrectly 22 percent of the time, compared to 31 percent last year — giving the category the largest year-over-year improvement in the study;
  • In the category of working safely outside the office, users answered incorrectly 20 percent of the time, compared to 26 percent last year;
  • Overall, users did well in the area of protecting yourself against scams (a new category for 2017), answering incorrectly 14 percent of the time. Education users out-performed the average here, with just 10 percent of questions answered incorrectly; and
  • Password safety was the best understood category, with users answering incorrectly just 12 percent of the time.

The report also revealed a number of challenges:

  • The biggest problem area for end users across all industries was protecting confidential payment card and healthcare information. Questions on those topics were answered incorrectly 26 percent of the time overall. Education in particular was among the industries that struggled the most, with 29 percent of those questions answered incorrectly.
  • The category of protecting mobile devices and information saw the biggest downturn in performance year-over-year. Users answered 24 percent of those questions incorrectly in 2017, compared to 15 percent in 2016.
  • Across all industries, questions about protecting and disposing of data securely were answered incorrectly 25 percent of the time.
  • Nearly everyone missed more questions this year about using the internet safely (19 percent in 2017 compared to 16 percent in 2016). In particular, education users were among the worst performers, with 21 percent of questions answered incorrectly.

"We continue to see in our year-over-year results that reinforcement and practice are critical to learning retention. As with any learned skill, organizations need to work on cybersecurity awareness and knowledge to see continual improvements," said Joe Ferrara, president and CEO of Wombat, in a statement. "Organizations that focus on building a culture of security and empowering their employees to be a part of the solution develop the most sustainable and successful security awareness training programs."

The full report is available on the Wombat site (registration required).

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].

Featured

  • stylized illustration of a desktop, laptop, tablet, and smartphone all displaying an orange AI icon

    Survey: AI Shifting from Cloud to PCs

    A recent Intel-commissioned report identifies a significant shift in AI adoption, moving away from the cloud and closer to the user. Businesses are increasingly turning to the specialized hardware of AI PCs, the survey found, recognizing their potential not just for productivity gains, but for revolutionizing IT efficiency, fortifying data security, and delivering a compelling return on investment by bringing AI capabilities directly to the edge.

  • multiple laptops and a desktop computer on a colorful geometric background

    Microsoft Announces Windows 11 Updates for Faster Recovery, Redesigned Restart Screen

    Microsoft has introduced two new features in the latest version of Windows 11 that aim to reduce downtime and improve system recovery.

  • ClassVR headsets

    Avantis Education Launches New Headsets for ClassVR Solution

    Avantis Education recently introduced two new headsets for its flagship educational VR/AR solution, ClassVR. According to a news release, the Xcelerate and Xplorer headsets expand the company’s offerings into higher education while continuing to meet the evolving needs of K–12 users.

  • laptop displaying a network map with connected blue nodes and red warning icons

    Report Identifies Surge in Credential͏͏ Theft͏͏ and͏͏ Data Breaches͏͏

    A recent report from cybersecurity company Flashpoint Cyber͏͏ detected an escalation of threat activity across͏͏ multiple͏͏ fronts͏͏ during͏͏ the͏͏ first͏͏ half͏͏ of͏͏ 2025.