2019 Beyond the Phish Report Reveals Employees Have Significant Cybersecurity Knowledge Gaps

A survey conducted by the Sunnyvale, CA-based cybersecurity company Proofpoint has revealed end users are unsure how to protect sensitive data and lack the skills to identify phishing threats.

For the latest Beyond the Phish report, Proofpoint analyzed the responses to almost 130 million cybersecurity questions in 14 categories. The survey was conducted among employees in 16 industries across 20 different department classifications.

The report offers insights into why phishing attacks so often succeed and shows how good employees are at protecting sensitive data and identifying phishing threats.

In the ‘Identifying Phishing Threats’ and ‘Protecting Data Throughout its Lifecycle’ categories, one in four questions was answered incorrectly by survey respondents. While knowledge about phishing and protecting data has improved, and employees broadly understand the concept of phishing and know some best practices for protecting data, significant knowledge gaps remain. Those knowledge gaps can easily be exploited by threat actors to steal credentials, gain access to business networks, and view and exfiltrate sensitive data. Cybercriminals are well aware of those knowledge gaps. Proofpoint found 83% of global organizations experienced a phishing attack in 2018.

The report shows that while investment in cybersecurity is increasing, businesses must ensure that resources are committed to training the workforce on cybersecurity best practices and teaching employees how to identify phishing emails and other email-based threats.

“Implementing ongoing and effective security awareness training is a necessary foundational pillar when building a strong culture of security,” said Amy Baker, vice president of Security Awareness Training Strategy and Development for Proofpoint. “Educating employees about cybersecurity best practices is the best way to empower users to understand how to protect their and their employer’s data, making end users a strong last line of defense against cyber attackers.”

The industries where employees struggled the most were education and transportation, where employees answered 24% of questions incorrectly on average, followed by hospitality, where employees scored the lowest of all industry sectors in three categories, answering 22% of questions incorrectly. The finance industry performed the best, with employees answering 80% of all questions correctly, along with the insurance industry, where end users had the best performance in three of the 14 categories Proofpoint analyzed.

There were significant knowledge gaps in different departments. The communications department performed the best across all industry sectors with an average of 84% of questions answered correctly. The worst departments were customer service, facilities, and security (physical and cybersecurity), where an average of 25% of questions were answered incorrectly.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news