Key findings from the report that show room for improvement include:
The No. 1 problem area for end users, with 31% of questions missed, is safe social media use; yet only 55% of security professionals assess employee knowledge on this topic.
End users missed 30% of questions about protecting and disposing of data securely, second only to safe social media use.
Professional services and healthcare employees performed the lowest on the nearly 1 million questions asked about safe passwords.
While healthcare was the industry that had the highest assessment percentage on end users’ ability to protect confidential information, 31% of questions on the topic were missed by those in the industry.
Furthermore, with the rise in remote working and end users who value the ability to work outside of the office, organizations need to educate their employees on how to stay safe while they are outside the office. Improper use of free WiFi, inattention to physical security, lax data protections, and the lack of security guidelines during travel led to 26% of questions missed by end users on this important topic.
Derek Brink, CISSP, Vice President and Research Fellow, Aberdeen Group comments, “We should all be thankful to Wombat Security for sharing empirical data from nearly 20 million actual end-user assessments! The findings here are clear – organizations that measure user knowledge on a variety of security topics are gaining valuable insights into the most important factors of security risk, which can focus their efforts to address it. Depth of data, combined with a continuous, metrics-based approach to end-user security education, results in a solid knowledge improvement program. In my own analysis, successfully changing user behaviors has helped Wombat customers reduce security-related risks by about 60%.”
While there is room for improvement in all risk areas, the report also highlights categories where employees have answered the highest percentage of questions correctly.
90% of questions were answered correctly about building safe passwords.
85% of questions were answered correctly on how to best protect against physical risks, such as ensuring no one follows you into a secure area or not leaving sensitive files on your desk.
79% of organizations assess end users on internet safety, and 84% of the questions in this category were answered correctly.
About the Beyond the Phish Report
The report evaluated nearly 20 million questions asked and answered in Wombat’s Security Education Platform over the past two years, and highlights the areas end users struggle with the most and those where they answered the most questions correctly. Of the organizations that participated, 20% were in financial industries, 13% in technology, 11% in healthcare, and others in verticals including manufacturing, professional services, education, insurance, retail, energy, government, telecommunications, and consumer goods. You can download the full report here.
About Wombat Security Technologies
Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS-based cyber security education solution includes a platform of integrated broad assessments, as well as a library of simulated attacks and brief interactive training modules. Wombat’s solutions help organizations reduce successful phishing attacks and malware infections by up to 90%. Wombat, recognized by Gartner as a leader in the Magic Quadrant for Security Awareness Computer-Based Training Vendors, is helping Fortune 1000 and Global 2000 customers in industry segments such as finance and banking, energy, technology, higher education, retail and consumer packaged goods to strengthen their cyber security defenses.
1. 2016 State of the Phish Report, Wombat Security Technologies and ThreatSim, January 27, 2016.
To view the original version on PR Newswire, visit: http://www.prnewswire.com/news-releases/cyber-security-awareness-report-from-wombat-security-reveals-knowledge-gaps-that-pose-major-enterprise-end-user-security-risks-300321366.html
SOURCE Wombat Security Technologies