End Users Getting Better at Identifying Phishing Attacks

Users today are more likely to recognize a phishing attack than they were a year ago, according to data from Wombat Security Technologies. In the 2017 Beyond the Phish Report, the security awareness and training company analyzed the results of more than 70 million questions answered by end users who completed its assessments and training modules, covering a variety of information security topics. The users came from a range of industries, including healthcare, retail, manufacturing and education. Across all industries, users performed better this year on questions around identifying phishing attacks, answering incorrectly only 24 percent of the time on average, compared to 28 percent in 2016.

Other bright spots include:

  • Questions on social media were answered incorrectly 22 percent of the time, compared to 31 percent last year — giving the category the largest year-over-year improvement in the study;
  • In the category of working safely outside the office, users answered incorrectly 20 percent of the time, compared to 26 percent last year;
  • Overall, users did well in the area of protecting yourself against scams (a new category for 2017), answering incorrectly 14 percent of the time. Education users out-performed the average here, with just 10 percent of questions answered incorrectly; and
  • Password safety was the best understood category, with users answering incorrectly just 12 percent of the time.

The report also revealed a number of challenges:

  • The biggest problem area for end users across all industries was protecting confidential payment card and healthcare information. Questions on those topics were answered incorrectly 26 percent of the time overall. Education in particular was among the industries that struggled the most, with 29 percent of those questions answered incorrectly.
  • The category of protecting mobile devices and information saw the biggest downturn in performance year-over-year. Users answered 24 percent of those questions incorrectly in 2017, compared to 15 percent in 2016.
  • Across all industries, questions about protecting and disposing of data securely were answered incorrectly 25 percent of the time.
  • Nearly everyone missed more questions this year about using the internet safely (19 percent in 2017 compared to 16 percent in 2016). In particular, education users were among the worst performers, with 21 percent of questions answered incorrectly.

"We continue to see in our year-over-year results that reinforcement and practice are critical to learning retention. As with any learned skill, organizations need to work on cybersecurity awareness and knowledge to see continual improvements," said Joe Ferrara, president and CEO of Wombat, in a statement. "Organizations that focus on building a culture of security and empowering their employees to be a part of the solution develop the most sustainable and successful security awareness training programs."

The full report is available on the Wombat site (registration required).

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].

Featured

  • laptop displaying a glowing digital brain and data charts sits on a metal shelf in a well-lit server room with organized network cables and active servers

    Cisco Unveils AI-First Approach to IT Operations

    At its recent Cisco Live 2025 event, Cisco introduced AgenticOps, a transformative approach to IT operations that integrates advanced AI capabilities to enhance efficiency and collaboration across network, security, and application domains.

  • magnifying glass highlighting a human profile silhouette, set over a collage of framed icons including landscapes, charts, and education symbols

    New AI Detector Identifies AI-Generated Multimedia Content

    Amazon Web Services and DeepBrain AI have launched AI Detector, an enterprise-grade solution designed to identify and manage AI-generated content across multiple media types. The collaboration targets organizations in government, finance, media, law, and education sectors that need to validate content authenticity at scale.

  • students raising their hands and participating in a classroom discussion

    Report Explores Link Between Student Engagement and Learning

    Over 90% of teachers, principals, and superintendents agree that student engagement is a critical metric for understanding overall achievement, according to a new survey report from Discovery Education.

  • Businessman Holding Light Bulb and Digital Brain

    Zoom to Fund AI Education with $10 Million in Grants

    Zoom Cares, the global social impact arm of collaboration platform Zoom, has announced a three-year, $10 million commitment to expand access to AI education and opportunity through both national and regional grants.