There are a lot of companies that depend on their employees to stop phishing attacks. In effect, their employees are their last line of defense. Given that the cost of phishing attacks is now in the tens of billions of dollars per year (nobody knows the exact amount since victims are so reluctant to come forward), relying on employees to stop phishing attacks doesn’t seem to be working too well. And now we know why.
From KnowBe4, “According to a recent poll of 1,000 U.K. users U.K.’s Computer Disposals Limited asked to identify whether an email or text was legitimate or not by choosing to either click the provided link or delete the message, 95% of them failed to properly identify all 10 examples. Even when simply erring on the side of caution and choosing to delete messages rather than engage with them, only 44% identified the authentic messages.”
That’s right, only 5% of users could tell the malicious messages from the safe ones in all 10 examples. And that’s the last line of defense. That’s the one stat that lets you know you need help stopping phishing attacks.
There are two things to be taken from that number: users aren’t particularly good at identifying phishing emails and phishing emails are hard to detect. “This quiz demonstrates that it’s very difficult these days to spot the fake message from the real one. The really bad part of this is the examples provided don’t even use real logos (e.g., “PayMe” instead of “PayPal”), making us lose confidence in an untrained user’s ability to easily differentiate between what’s business-related and what’s a phish.”
One source of help stopping phishing attacks is to train your employees to spot phishing emails. That’s a good choice, but it’s not perfect. We know from research that even with heavily trained employees, 2% of phishing emails get through. Unfortunately, it only takes one to put your entire company at risk, and with hundreds of phishing emails arriving each month, you won’t make it through the month if all you do is employee awareness training.
Another, more effective source of help is to deploy cloud-based Phishing Protection software with real-time link click analysis like that available from DuoCircle. Not only does Phishing Protection do a better job against phishing emails than employee training, but in most cases, at just 45¢/mo per user, it costs less too.
Phishing Protection is also a faster fix. While it could take months to train all your employees, protecting all your employees with Phishing Protection takes about 10 minutes.
It’s cheaper, it’s faster and it’s more effective. If the 5% number scares you and you want to do something about it, your best bet is Phishing Protection from DuoCircle. You can try it free for 60 days.