Antiphishing: 37% of company employees fall victim to phishing
... Of those, 2% disclose their login and password to the fraudsters almost immediately. Antiphishing, a Russian research company and software developer, presented an annual report on employees’ security. The authors of the study believe that dangerous actions of people, the so-called human factor, are a major challenge in modern information security. Fraudsters use social engineering techniques to successfully attack organizations and ordinary people.
As part of the report, the experts tried to assess what makes employees most vulnerable to attacks through social engineering, and also showed which measures can reduce the exposure of organizations and ordinary people to such attacks, and to what extent.
The report analyzes employees’ security, the technical factors that affect the success of real digital attacks against employees, and the psychological factors that most strongly influence insecure behavior. The report also offers a comparative analysis of the effectiveness of various measures aimed at solving the problem of employees’ security.
According to the experts, the losses from telephone and online fraud amounted to nearly 150 billion roubles in 2020, and the number of cybercrimes in the first half of 2020 increased by 91.7%.
Antiphishing researchers identified the most dangerous psychological factors, including corporate attribution (letters on behalf of colleagues or managers, personification), calling the victim by name, and the seeming trustworthiness of the attacker.
Employees from the design, technical support and IT units, employees of companies from the service and manufacturing sectors, and companies from remote regions proved to be the most vulnerable to phishing.
A general analysis of the results of 100,000 simulated attacks showed that 37% of company employees open phishing scam emails, 19% continue to interact with the phishing emails by clicking on links, and another 13% download and open malicious attachments.
2% of employees eventually become direct sources of passwords and other confidential information for fraudsters. See the research findings in full here.