BROOKLYN — The year 2020 was challenging for cybersecurity on many levels. The global pandemic brought a wave of cyberattacks exploiting the mayhem, while remote work made employees more vulnerable to such attacks.
In particular, phishing attacks hit record levels, with Google reporting over 2 million phishing sites in 2020 alone. However, even more alarming is that current cybersecurity measures employed by organizations worldwide are inadequate to protect against such threats.
According to the data presented by the Atlas VPN team, one-fifth (19.8%) of employees fell for phishing emails even if they have gone through security awareness training.
Rachel Welch, COO of Atlas VPN, shared her thoughts on the situation: "We are in an age where cyberattacks are evolving faster than ever before. However, the data shows that organizations are not doing enough to educate their employees on cybersecurity threats.
“Organizations have to realize that just as the cyberthreat landscape is shifting, so should their response to cyberthreats. Otherwise, the organization is left vulnerable to cyberattacks, which have devastating and long-lasting consequences to both the organization itself and its clients."
Out of the employees who did click on phishing email links, 67.5% also entered their credentials, such as password, on the phishing webpage. It means that overall, 13.4% of employees provided their credentials to phishers.
The Public Sector is the most vulnerable to phishing attacks
While no sector is immune to phishing attacks, some industries were better educated on recognizing such assaults than the others.
Five industries had above average phishing email click rates, with the public sector being at the top of the list. A total of 28.4% of employees working in the public sector clicked on a phishing link in an email.
Next up is the Transport industry. Nearly a quarter (24.7%) of employees in the sector fell for phishing emails.
Not far behind the Transportation industry is the Service Provider sector. In total, 23.1% of employees in this field clicked on a phishing link.
Also in the top five list are the Energy and Information Technology sectors with 22.1% and 19.9% of employees respectively falling for phishing emails.
Employees in all of the aforementioned industries were also most likely to submit their credentials to fraudsters, this way compromising sensitive data.
The education sector, however, performed the best in terms of phishing attacks. Only 11.3% of workers in the Education sector clicked on a phishing link.
We are in an age where cyberattacks are evolving faster than ever before. However, the data shows that organizations are not doing enough to educate their employees on cybersecurity threats.
Organizations have to realize that just as the cyberthreat landscape is shifting, so should their response to cyberthreats. Otherwise, the organization is left vulnerable to cyberattacks, which have devastating and long-lasting consequences to both the organization itself and its clients. — SG
