No matter how much you may warn employees to be wary of phishing scams, there will always be a few who can't resist clicking on a link received through their work email. But some of them may have been surprised recently to learn they were part of a research project.
Clearwater-based KnowBe4, an online security awareness training firm, conducted the research to determine which industry sectors are most susceptible to phishing scams, which can expose companies to cybercrime. It discovered that travel, education, financial services, government services and IT services were most vulnerable, with between 20% and 25% of companies taking the bait.
KnowBe4 targeted small and medium businesses listed on the Inc. 500, then used a data-gathering service to get publicly available email addresses. Up to 29,000 experimental emails were sent out to more than 3,000 businesses, and in nearly 500 instances at least one employee clicked the attached link. Once those workers clicked, they were informed that they had just taken part in phishing research.
“Any business that provides access to email or access to its networks via the Internet is only as safe from cybercrime to the degree that its employees are trained to avoid phishing emails and other cyberheist schemes,” says Stu Sjouwerman, KnowBe4 founder and CEO. “The more employees within an organization that use email or go online, the greater the risk of exposure to cybercrime.”
Sjouwerman says businesses are not only at risk for financial loss through cyberheists, but their susceptibility to phishing tactics could compromise sensitive customer data such as credit card, bank account and Social Security numbers. He adds that antivirus software and in-house data security systems create a “false sense of security,” so firms need to be more vigilant in advising personnel not to click on any email links they aren't sure about.