LAVAL, Que. — Security awareness training firm Terranova Security today released the latest edition of its Phishing Benchmark Global Report, drawing on results from its 2020 Gone Phishing Tournament, which reveals a substantial year-over-year increase in phishing simulation click rates, says the company.
Co-sponsored by Microsoft, the 2020 Gone Phishing Tournament took place over 11 days in October 2020 to coincide with National Cyber Security Awareness Month. The phishing simulation email and web page templates used during the tournament were supplied by Microsoft and they reflected a real-world scenario that a user, especially those working remotely, may encounter in their daily lives, explains the company’s press release.
The templates measured end-user phishing behaviours, including clicking on a suspicious email link and submitting data using a webpage form. Terranova Security’s report details a significant rise in the percentage of users who would have potentially compromised their login data had the phishing simulation not been a safe, security awareness testing environment, the company says.
Some of the key results from the report include the following:
- Almost 20% of employees are quick to click on phishing email links, a significant increase from the 11% posted during the 2019 Gone Phishing Tournament.
- 67% of clickers (13.4% of overall participating end users) submitted their login credentials, also up substantially from 2019, when just 2% submitted their credentials.
- The public sector and transport domains struggled the most, posting a click rate of 28.4% and submission rate of 24.7%.
- The education and finance & insurance sectors performed considerably better than others, with rates of 11.3% and 14.2%, respectively.
- Users in North America struggled the most with the phishing simulation, posting a 25.5% click rate and an 18% overall credential submission rate (a little more than seven out of every 10 clickers compromised their login data).
- Users in Europe exhibited lower click and submission rates of 17% and 11%, respectively.
Supported in 12 different languages, users from 98 different countries participated in the 2020 simulation.
“The results outlined in the Phishing Benchmark Global Report come at the tail end of what has been a tumultuous year for businesses worldwide. The global Covid-19 pandemic resulted in many organizations changing how they work and featured a spike in remote or remote-hybrid workforce adoption. However, distributed virtual offices have lessened the effect of technical data protection measures and consequently put employees’ ability to successfully detect and avoid phishing threats under a microscope,” reads Terranova Security’s press release.
“This year’s report illustrates the growing need for security awareness training initiatives that utilize real-world phishing simulations as a practical educational tool,” said author and Terranova Security CEO Lise Lapointe, in the release. “Organizations must take these phishing benchmarking results seriously and take the necessary steps to ensure every user has the knowledge needed to safeguard against the latest and most complex cyber threats.”
For more, please click here. To download a copy of the report, please click here.
