Armed with data generated by millions of real people, along with intelligence collected from more than 10 million phishing simulations delivered every month, the2019 Cofense™ Annual Phishing Report
, released today,
sheds a light on employees’ susceptibility to fall for attacks and organizations’ phishing resiliency – a measure that tracks behavioral change from clicking phishing emails to active defense through reporting. Contrary to popular belief, employees are a powerful force that play a pivotal role in an enterprise’s phishing defense strategy. In fact, when properly conditioned to recognize and report attacks through regular and relevant phishing simulations, organizations are more likely to successfully defend against attacks designed to compromise customer information, steal intellectual property or destroy company data and IT infrastructure.
Cofense, the global leader in intelligent phishing defense solutions, has equipped more than twenty million people in organizations across the globe to report suspicious emails through Cofense Reporter™, an easy to use, one-click email toolbar button.
“Security practitioners need to repudiate the common misconception that end users are the weakest link in organizational defense,” said Aaron Higbee, cofounder and chief technology officer, Cofense. “In fact, employees are the last and ultimate line of defense. With more than twenty million people across the globe empowered to flag potential attacks through Reporter, Cofense is helping thousands of organizations turn their workforce into highly tuned human sensors adept at reporting suspicious emails that frequently bypass security technologies.”
The research reveals three distinct best practices help organizations strengthen their resiliency and empower their users to become active defenders against attacks:
- Reporting: Organizations that arm their workforce with a straightforward and easy way to report suspicious emails exhibit strong phishing resiliency rates; in simulation exercises, their end users report phishing emails more than twice as often as they fall for the bait.
- Frequency: Regular phishing simulations significantly improve reporting rates and drive down users’ susceptibility to fall for phishing attacks. Organizations that run 12 or more simulations per year have twice as higher resiliency rates compared to those running fewer than 12.
- Relevance: Simulations that imitate real phish seen in the wild lead to markedly higher reporting rates and lower susceptibility rates amongst end users compared to organizations that randomly select phishing scenarios.
The ultimate pay-off of high organizational resiliency materializes when SOCs transform reported emails they receive into actionable intelligence. When well-positioned to prioritize and analyze employee-reported emails, SOCs can quickly and efficiently cut through the noise and neutralize a threat in minutes.