Training Cuts Phishing Success

A new study by a security training company has found that even a few months of security awareness instruction can have a big impact on how well recipients respond to phishing attempts. In the education segment, specifically, KnowBe4 found that 27.16 percent of staff were "phishing-prone" — likely to open e-mails or click on files containing malware. After three months of training, the same people were 30 percent less likely to open such e-mail; and after a year, they were 88 percent less likely to do so.

KnowBe4 sells online training that's intended to help employees "make smarter security decisions." E-mail phishing, along with social engineering, is a common way for malware to make its way onto school networks.

For the recent study, the company drew from its database of 11,000 organizations, employing more than 6 million users. The phish-prone percentage was calculated by the number of people who clicked on a simulated phishing e-mail link or opened an infected attachment during a testing campaign that used the KnowBe4 platform. While the research project examined every type of business represented in its customer base, education fell right into the average of about 27 percent across all industries.

Small educational organizations — those with under 250 employees — were at the greatest risk, with phish-prone staffers making up 29 percent of all employees, compared to 26 percent of schools with 250 or more employees. After three months of computer-based training that used sample phishing e-mails, the smaller organizations saw the greatest gain, dropping to 17 percent vs. 20 percent for the larger entities. Following a full year of training and at least 10 phishing tests, in schools with fewer than 250 staff members, just 3 percent were likely to fall for a phishing test compared to 4 percent for their larger brethren.

KnowBe4's website includes a free tool that, with registration, allows IT organizations to run a phishing security test among employees, up to 100 users. Subscription pricing for the training service is based on a per-user, per-year basis.

"The new research uncovered some surprising and troubling results," said company CEO Stu Sjouwerman, in a press statement. "However, it also demonstrates the power of deploying new-school security awareness training by lowering a 27 percent Phish-prone result to just over 2 percent."

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • digital learning resources including a document, video tutorial, quiz checklist, pie chart, and AI cloud icon

    Quizizz Rebrands as Wayground, Announces New AI Features

    Learning platform Quizizz has become Wayground, in a rebranding meant to reflect "the platform's evolution from a quiz tool into a more versatile supplemental learning platform that's supported by AI," according to a news announcement.

  • red brick school building with a large yellow "AI" sign above its main entrance

    New National Academy for AI Instruction to Provide Free AI Training for Educators

    In an effort to "transform how artificial intelligence is taught and integrated into classrooms across the United States," the American Federation of Teachers (AFT), in partnership with Microsoft, OpenAI, Anthropic, and the United Federation of Teachers, is launching the National Academy for AI Instruction, a $23 million initiative that will provide access to free AI training and curriculum for all AFT members, beginning with K-12 educators.

  • stylized illustration of a desktop, laptop, tablet, and smartphone all displaying an orange AI icon

    Survey: AI Shifting from Cloud to PCs

    A recent Intel-commissioned report identifies a significant shift in AI adoption, moving away from the cloud and closer to the user. Businesses are increasingly turning to the specialized hardware of AI PCs, the survey found, recognizing their potential not just for productivity gains, but for revolutionizing IT efficiency, fortifying data security, and delivering a compelling return on investment by bringing AI capabilities directly to the edge.

  • Abstract AI circuit board pattern

    Nonprofit LawZero to Work Toward Safer, Truthful AI

    Turing Award-winning AI researcher Yoshua Bengio has launched LawZero, a nonprofit aimed at developing AI systems that prioritize safety and truthfulness over autonomy.