The new edition of the Terranova Security Phishing Benchmark Global Report, drawing on results from the 2021 Gone Phishing TournamentTM, reveals that overall end user click rates remained high in the face of this year’s phishing simulation. It also details the rise in the number of users who would’ve compromised their devices with malware had the phishing simulation not been a safe testing environment.
The 2021 Phishing Benchmark Global Report results emphasize the growing need for all organizations to address the human element of cyber security by implementing engaging, informative security awareness training programs that leverage real-world phishing simulations to change the right end user behaviors.
These revelations come at the end of a year where digital transformation accelerated at many workplaces worldwide. The widespread adoption of remote or hybrid work cultures and related technologies enhanced collaboration and productivity, but it also meant cyber security awareness levels were tested much more frequently and with increasingly complex cyber threats.
The 2021 Gone Phishing Tournament took place over two weeks in October 2021 to coincide with Cybersecurity Awareness Month. In all, close to 1 million phishing simulation emails in 20 different languages were sent to end users during this stretch.
2021 Phishing Benchmark Global Report: Key Results
The 2021 Gone Phishing Tournament revealed that, in general, a significant portion of end users are still inclined to click on phishing email links and, in the case of this year’s simulation template, download malicious file attachments when prompted.
Nearly one in every five end users (19.8%) who received the phishing simulation email clicked on the initial message’s phishing link, which is on par with the 2020 edition of the event. In total, 14.4% of all end users failed to recognize the simulation’s resulting webpage as unsafe and clicked on the malicious file’s download link.
These realities mean that the number of initial clickers who ended up downloading the phishing simulation’s webpage file exceeded 70%, representing an increase of nearly three percentage points from the previous year.
Other key data highlights from the third edition of this event include:
- When it came to downloading the malware document, North America fared best as a region (11.8%), while Europe took the runner-up slot (14.9). The Asia Pacific region finished with the highest malware download rate.
- For click rates by industry, Education, Finance and Insurance, and Information Technology exhibited the highest totals, all scoring over 25%. Meanwhile, Healthcare, Transport, and Retail all kept their click rates under 10%.
- Information Technology had the highest click-to-download ratio across all industries, with 84% of those who clicked on the initial phishing link eventually downloading the malware file.
2021 Phishing Benchmark Global Report: Methodology
This year’s email and webpage templates were supplied by Microsoft and reflected a real-world scenario all end users may encounter in their daily lives. The template’s scenario, selected by the Terranova Security leadership team, measured several end user phishing behaviors, including clicking on a link in the body of a phishing email and delivering malware in a downloadable file through a phishing webpage.
The email and webpage spoofed the Microsoft SharePoint interface for an authentic look and feel. The email message even included instructions on how to download the file, which further enticed the end user to complete the action once they landed on the webpage. These decisions were made to give recipients a realistic sample of the increasingly complex nature of current phishing threats affecting professionals across many different industries.
End users who clicked on the webpage link to download the malware file were met with a feedback page that offered a powerful learning moment. It pointed out warning signs the user may have missed during the simulation and highlighted best practices to keep in mind moving forward, giving them the tools needed to detect and avoid future threats consistently.
Download the 2021 Phishing Benchmark Global Report to get all the results and facts from the latest edition of the Gone Phishing Tournament.
Terranova Security Announces Cyber Hero Score
Posted in Commentary with tags Terranova Security on March 24, 2022 by itnerdTerranova Security, the global partner of choice in security awareness training with more than 20 years of experience educating the world’s cyber heroes, has announced Cyber Hero Score. This new feature allows organizations to quantify risk by assigning unique ratings to each end user or user profile based on their cyber security behaviors. Cyber Hero Score is a visionary addition to the Terranova Security offering, primed to disrupt the industry by going beyond assessment surveys in determining employee risk levels, using personalized metrics.
Cyber Hero Score can be used for individuals, user profiles, teams, departments, countries, and business units. This intel facilitates how organizations build tailored cyber awareness training campaigns based on actual end user behaviors and progression over time. A Cyber Hero Score will draw from multiple factors, including the:
Security awareness training metrics, such as course participation and completion rate, phishing simulation results, and behavior change performance over time, are also considered. By accurately assessing risk and security awareness levels, organizations can quickly identify high-risk users or profiles, pinpoint specific behavior change areas, and personalize the resulting training campaigns to suit those unique realities. As a result, organizations can significantly reduce the human risk factor.
Cyber Hero Score is an asset for all organizations, regardless of whether their employees work within a remote/hybrid model or in-office. Training administrators must clearly understand team members at higher risk of being targeted by a cyber-attack and if they have adequate knowledge and skills to safeguard against attempts to compromise sensitive data. Organizations will leverage Cyber Hero Score to risk-based campaigns that respond and adapt to behavior changes based on an individual’s unique awareness training journey. This feature underpins a security-first mindset that helps mitigate risk, build cyber threat resilience, and grow security awareness across all departments, regions, and functions.
For more information on how Cyber Hero Score plays an integral part in building cyber threat resilience and growing a cyber-aware security culture through targeted, risk-based training, visit the dedicated webpage on the Terranova Security site.
Leave a comment »