WASHINGTON—Why do phishing attacks continue to rise? A new report reveals roughly 30% of employees across industries were high-risk and likely to click on a suspicious link or email or obey a fraudulent request.
But there is some semi-good news. Employees at financial institutions, however, were among the lowest risk to fall for such an attack, according to the report from security company KnowBe4, which adds that training can greatly reduce the chance employees will make a critical mistake.
At banking institutions with less than 250 employees, 29% were initially considered high-risk, compared to construction companies at 38% – the most at-risk, noted NAFCU in its analysis.
After 90 days of training, less than 10% of financial services employees fell for phishing attacks, and after a year it dropped to 1%.
The KnowBe4 report first established a baseline of employees, across 19 industries, who were likely to fall for a phishing attack. The company then conducted training and phishing security tests to determine how phishing awareness changed after three months and a year.
Among the organizations offering assistance in the area are NAFCU, which has cybersecurity compliance resources available online, including a cybersecurity assessment tool workbook; a webinar available on-demand also details how to identify cybersecurity risks and vulnerabilities.