Security by Sector: Construction Industry “Most Vulnerable” to Phishing Scams

Written by

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the education sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?

Phishing scams are a threat to all industries, but none as much as the construction sector – well, that’s according to new research from KnowBe4 anyway.

The firm’s recent Phishing by Industry report assessed businesses of varying sizes across 19 different sectors, breaking them down into three categories: small (up to 250 workers), medium (250-999) and large (1000+).

Those in the construction industry have the highest percentage of ‘phish-prone’ employees in both the small and medium-sized business categories, ranking at 38% and 37% respectively. The construction industry ranked second among the large company subset with 37%, topped only by the hospitality industry, which scored 48%. To determine that baseline of phishing risk, KnowBe4 administered a test to organizations that had not conducted any security awareness training. Users were not pre-warned about the test by staff and were going about their regular job duties.

However, KnowBe4 discovered that, after a period of training, it was possible to reduce phishing risk and make workers less likely to fall for a scam. After 90 days of combined computer-based training and simulated phishing security testing, the phishing-prone percentage score within the construction industry dropped to 16.8% (small companies), 19.7% (medium) and 15% (large), highlighting the effectiveness of staff phishing training.

After a further 12 months of such training, the scores dropped even further to 1.8%, 3.1% and 7.9%, respectively.

Craig Cooper, COO of Gurucul, said: “This report goes to show how far we still have to go before we can eradicate phishing threats.

“It’s often said that humans are the weakest link in the security chain. People are susceptible to phishing because these attacks exploit basic human nature, like curiosity and pride. Organizations would be wise to ensure that their users know about the potential dangers of clicking links and opening attachments in emails.”

What’s hot on Infosecurity Magazine?