Hold on to your hats – the percentage of employees that are clicking on phishing emails today is a shocker. Why are far too many employees still opening and interacting with phishing emails, even as companies step up security awareness training, and how can you stop it? Automated phishing defense with Graphus is a good start.
How Bad is It?
A recent experiment by Canadian security researchers exposed the sad truth: an estimated 25% of Noth American workers tested were fooled by phishing emails, leading to some dangerous consequences.
- 67% of clickers (13.4% of overall users) submitted their login credentials, up substantially from 2019 when just 2% submitted their credentials
- The Public Sector and Transportation workers struggled the most, posting a click rate of 28.4%
- The Education, Finance and Insurance sectors performed considerably better than others, with click rates of 11.3% and 14.2% (tied)
- Users in North America struggled the most with the phishing simulation, posting a 25.5% click rate and an 18% overall credential submission rate
- About 7 out of every 10 clickers willingly compromised their login data
- Users in Europe exhibited lower click and submission rates of 17% and 11%, respectively.
Why Are Users Still Clicking?
A precipitate increase in cybercrime in 2020 has led to companies pursuing security awareness more strongly – overall cybercrime increased approximately 85% in 2020, with a more than 600% explosion in phishing. But a 2020 survey of 1,000 employees uncovered a disturbing fact: 96% of employees are aware of digital threats like phishing, but 45% click emails they consider to be suspicious anyway.
Why? Because employees are overwhelmingly overconfident about their abilities to suss out phishing and afraid of getting in trouble for missing an important message. Nearly all respondents claimed they check for signs of phishing in emails, but only 43% of office workers said they verify that email links match their supposed destinations – and that’s a problem for businesses. In the United States, 78% of respondents said they’ve had security awareness training but 60% still open potentially suspicious emails for fear of misidentifying a message and getting in trouble.
Fix It With Graphus
While effective, memorable security awareness training that includes phishing resistance using an affordable solution like BullPhish ID is a must-have for every business, you should take protection from today’s biggest cybersecurity threat just a little bit further. Graphus gives you two key advantages to combat this problem: automated phishing protection and Phish 911. Both of these tools provide defensive tools that prevent staffers from interacting with phishing email, reducing the chance that they’ll fall for a scam and hand over their login credentials – or worse.
TrustGraph Stems the Tide
Employees can’t click on an email that they don’t get. That’s the biggest reason why automated phishing protection with Graphus is a smart move for every business. Our patented AI uses predictive reasoning and pattern recognition to create trusted email profiles based on your staff’s email traffic patterns and compares incoming communications to these profiles to detect and prevent sophisticated phishing, spear phishing and business email compromise attacks. Through TrustGraph, this analysis of over 50 different attributes of your employees’ communications learns to spot and stop suspicious messages before they land in anyone’s inbox.
Empower Defensive Teamwork with Phish 911
Phish 911 is a clutch player in this situation too. By making it painless for employees to report suspicious emails with just one click, staffers are more likely to alert IT staff to potential problems. Office workers receive an average of 52 emails per day, and with the pressure to remain efficient and be diligent about job details, workers can feel like reporting dodgy emails could be seen as incompetence. But when you make it easy and encouraged, they’ll feel more confident that they won’t get in trouble if it turns out to be nothing after all.
While staffers may feel confident that they’re ready to handle phishing, it pays to make sure that phishing risks are reduced automatically with smart, affordable protection from Graphus. Book a demo today and put the power of Graphus to work for you.