Phishing is so pervasive that nearly one-quarter of respondents in a recent Ponemon Institute® report say they received more than 20 phishing emails over the past 12 months, and 65% say they were impacted by malware at least once.

The Anti-Phishing Working Group reports that more than 1.2 million phishing attacks were launched in 2016, and more than 90% of hacking attacks start with phishing emails. These are sobering statistics that point toward the need for security awareness training in the workplace.

What Is Phishing?

Phishing is a form of digital fraud, usually via email, in which an attacker tries to gather information about the victim. The attacker is looking for your usernames, passwords, credit card numbers and other identifiable information. The messages often look reputable and fool people. A whopping 30% of phishing emails are indeed opened, in part because phishing expeditions are becoming more sophisticated.

Report Stats

The Ponemon Institute® Research Report The Cyber Hygiene Index: Measuring the Riskiest States was published in April. The final sample of 4,290 people completed a survey that was presented to more than 132,000 U.S. consumers.

The report concluded that:

  • Florida had the worst Cyber Hygiene Index (-6.29)
  • New Hampshire was rated best (+4.29), followed closely by Massachusetts (+4.20)
  • New York was ranked 21st (-1.90)
  • Only 15 states scored a positive Cyber Hygiene Index
  • 23% reported receiving more than 20 phishing emails in the past 12 months; 48% reported at least five
  • 21% reported being impacted by malware more than 10 times
  • 33% say they have more than 20 online accounts that require a username and password

According to the New York State Office of Information Technology Services, the “Cyber Hygiene Campaign is a multi-year effort to create a nationwide movement towards measurable and sustainable improvements in cyber security.” The campaign developed toolkits for top priorities that provide instruction sheets. One of those toolkits, the First 5 CIS Controls™ Guide, comes from The Center for Internet Security. (You can download the toolkit here.) There are 20 total controls, and CIS Control 17 is “Implement a Security Awareness and Training Program”. CIS says that cyberdefense is more than a technical issue and that “the actions of people also play a critical part in the success or failure of an enterprise.”

Finally, the Ponemon report also created a subgroup dubbed the “Bottom 100,” which were the 100 individuals with the most risky responses. Within that group, 55% said they received more than 20 phishing emails, 82% had more than five malware incidents, and only 24% use antivirus on their computer or smartphone. If your employees are in that Bottom 100, your company needs some serious security awareness training.

Defend Your Organization

You can drastically improve your cybersecurity defenses by training your employees. Cyberattacks are on the rise, and the prime targets are the employees using a computer at their desks. Phishing scams cost American businesses $500 billion annually. Garnet River can provide your business with state-of-the-art online security awareness training for employees.