One in Three Employees Will Fall for Phishing

January 28, 2022

The actions that employees take every day have an enormous impact on the security of a company’s IT environment. Human error is responsible for an estimated 90% of security breaches according to IBM’s X-Force Threat Intelligence Index. However, employees are people and people make mistakes, like falling for a phishing email or mishandling data. Those mistakes can cost their employers a fortune and open businesses up to ransomware, business email compromise and other expensive, dangerous cyberattacks. Unfortunately, new research shows that one in three employees made a mistake when faced with a phishing email last year, setting the stage for trouble for their companies. 

AI is the secret weapon you’re looking for to boost business email security. SEE WHY>>

Employees Will Fall for Phishing 

In many ways, maintaining the security of a company’s environment and data starts with thinking about phishing. The Verizon Data Breach Investigations Report has crowned phishing the number one threat to data security for the last three years. The risk of phishing causing a data breach is so severe that the phishing category still tops the DBIR list even without the inclusion of ransomware, which has grown into such a behemoth that it’s earned its own category. Unfortunately, it’s easy to see why: employees will fall for phishing.  

Likelihood of Dangerous Employee Email & Phishing Behaviors  

  • 1 in 3 employees are likely to click the links in phishing emails.  
  • 1 in 8 employees are likely to share information requested in a phishing email.    
  • 60% of employees opened emails they weren’t fully confident were safe.  
  • 45% click emails they consider to be suspicious “just in case it’s important.”  
  • 45% of employees never report suspicious messages to IT for review.     
  • 41% of employees failed to notice a phishing message because they were tired.  
  • 47% of workers cited distraction as the main factor in their failure to spot phishing attempts. 

A Stanford University study showed that all together, one in four employees admits that they’ve clicked on a phishing email at work. That’s not a mistake that any company can afford, especially with today’s booming dark web data markets driving strong demand.  Data breach numbers have been skyrocketing all over the world since the start of the global pandemic, and phishing is at the root of many of those breaches – an estimated 74% of organizations in the United States have fallen victim to a successful phishing attack that resulted in a data breach in the last 12 months.  

The road to security success begins with 5 Steps to Ransomware Readiness! GET IT>>

Phishing Messages Are Growing Even Harder to Detect

Cybercriminals are flocking to social media, producing slick phishing messages and pursuing new social engineering techniques to lure employees into to clicking and interacting with them. The anonymous nature of the medium makes it easy for cybercriminals to trip up employees and get them to make security blunders. Phishing on social media is just as dangerous for businesses as email phishing.  In January 2021, organizations experienced about 34 social-media-related phishing attacks per month. However, in June this number rose closer to 50, representing a 47 percent increase through the first half of 2021. By September 2021, organizations were looking at more like 61 social-media-related phishing attacks per month – a shocking 82% increase in just three quarters.    

The bad guys are also upping their production game when it comes to creating phishing emails. As GetApp reports, phishing messages are becoming more sophisticated and consequently more enticing to employees, raising click rates substantially while they create an elevated risk for businesses.  

Percentage of GetApp Survey Respondents Who Received (and Clicked) a Phishing Email 

2019 43% received 73% clicked 

2020 58% received 81% clicked 

2021 64% received 77% clicked 

But employees haven’t gotten magically better at detecting phishing messages, especially sophisticated threats. An estimated 97% of employees in a wide array of industries are unable to recognize a sophisticated phishing email. These attacks are typically made more effective by using dark web data to craft spear phishing messages that lure unwary employees into a false sense of security by showing multiple signs of legitimacy. More than 22 billion new records have been added to the dark web in recent years, including 103 GB in this year’s RockYou2021 dump. Socially engineered phishing attacks use that data to lure employees into opening dodgy emails, clicking suspicious links, downloading sketchy attachments and engaging in other unsafe behaviors that cause damaging disasters. 

Learn how incident response planning boosts cyber resilience & security. GET THE EBOOK>>

Mistakes When Handling Email Are Gateways to Disaster

Employee errors are also a gateway to ransomware disasters. Just like other phishing messages, ransomware-laden phishing messages can range from obviously bogus trash to slickly produced, highly convincing messages that can fool even savvy employees. Instead of operating generalized campaigns, many ransomware organizations are choosing to take the time to precisely target their attacks to snag targets in one particular industry or even one particular organization. That also makes it easy for them to fool an employee into clicking by mistake. Targeted ransomware attacks adhere to high quality standards. Bad actors make sure these messages don’t throw up red flags with rookie mistakes like spelling or usage errors, a hallmark of phishing that is emphasized in security awareness training. Precisely targeted ransomware attacks like these have grown by 767% in the last 12 months. 

If email volume continues to trend the way that experts expect, it is estimated to reach over 376.4 billion daily messages by 2025. Or a lot of chances for cybercriminals to drop tempting lures to employees, and just one misclick that launches a successful cyberattack can be a death blow for an SMB. The exorbitant costs, lost revenue and reputation damage from a security disaster are often simply too much for businesses to survive. That’s why 60% of companies go out of business within 6 months after a cyberattack like a ransomware incident.  

See how to avoid cybercriminal sharks in Phishing 101. DOWNLOAD IT>>

AI Doesn’t Make Mistakes Like People Do

Employees will keep making mistakes like falling for a phishing message. Socially engineered cyberattacks like phishing are nearly 80% effective. Controlling the risk that a business faces from phishing is an important part of that organization’s success. Businesses that want to achieve greater success and keep growing in 2022 are making a smart choice when they opt to decrease their phishing risk by stopping phishing messages from reaching their employees. 

Stop phishing immediately with Graphus – the most simple, automated and affordable phishing defense available today.

When you choose AI-powered, automated email security, your business gains an array of strong defenses against phishing that stop today’s nastiest phishing threats cold. Graphus’ AI technology refines your protection daily to ensure that your business is protected against tomorrow’s phishing threats too. You’ll gain a powerful guardian that protects your company from some of today’s nastiest threats like spear-phishing, business email compromise, ransomware and other horrors that will fit perfectly into your IT budget. 

  • Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast.
  • Plus, automated security is up to 40% more effective at spotting and stopping malicious messages like phishing emails than a SEG or conventional security. 
  • And, you won’t waste any time on fussy configuration or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance. 
  • Click here to watch a video demo of Graphus now. 

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus