Organizations have just hours to stop targeted attacks during their first stages, after new research revealed almost 90% of users open phishing emails on the day they are sent.
User training firm PhishMe sent eight million phishing emails out to over three million employees working across 23 industries around the world to compile its Enterprise Phishing Susceptibility Report.
Unfortunately the results showed that much work has still to be done to educate users to be more security savvy when they come to check their inbox.
Some 87% opened the phishing email on the day it was sent, while most responded in the morning.
In addition, two-thirds (67%) of those who open a phishing email are likely to make the same mistake again.
The peak average response rate came on a Wednesday, while 8 am was the most popular time by far for opening a phishing email.
The most effective way to elicit a response to an unsolicited email was with a business comms-themed message.
Those with the subject lines File From Scanner (36%) and Unauthorised Activity/Access (34%) were the most effective.
Yet there was some good news to be had from the research.
PhishMe found that “behavioral conditioning” reduced the likelihood of susceptible employees responding to malicious emails by 97% after just four simulations.
It also revealed that after undergoing this kind of awareness training, employees were likely to report a malicious attack 15 minutes before the first download.
In this way, staff can be transformed from the weakest link into an extra layer of defense for under-pressure IT security bosses.
“Analytics resulting from the report reveal three very pertinent conclusions—that enterprises remain vulnerable to phishing-driven compromises, they need to place more reliance on employees to help them defend their organisations, and consistent training turns employees into informants that can spot attacks before they turn into catastrophes,” said PhishMe CEO and co-founder, Rohyt Belani.
Photo © wk1003mike