
Are employees the weakest link in your security strategy? Train them!

  • Posted on: August 28, 2020
  • Posted in: Current News, Security
  • Posted by: Joyce Huang

Email is the number one threat vector, and the global pandemic is no exception. On the contrary, cyber criminals have used COVID-19 as an appealing hook. Data from Trend Micro Smart Protection Network shows that for the first five months of 2020, 92 per cent of all the cyber threats leveraging COVID-19 were spam or phishing email messages.

Email scams can have a big impact, both on the organization and the individual. This was highlighted in a recent report from BBC News where a finance professional from Glasgow, Scotland was targeted by a business email compromise scam. The hackers disguised themselves as the employee’s CEO, and managed to convince her to transfer £200k to their bank account. When the organization realized what happened, they were able to retrieve half of the loss. However, the employee was fired and then pursued in the courts for the remaining sum. Her lawyers argued successfully that she had not received any training to identify these scams and the case was subsequently dismissed. This took a big personal toll on the employee who not only lost her job, but worried about losing her home as well. Her employer suffered financially and their reputation also took a hit. There were no winners in this case, but it really emphasized the importance of security awareness; companies need to arm their employees with the knowledge to protect the business, and ultimately themselves.

A great email security solution can block the majority of threats, but no product can catch 100 per cent of email scams. This means that humans are our last line of defense. The Trend Micro Phish Insight service helps you increase your employees’ awareness of phishing emails and other cyber threats. Best of all, it is completely free, so you can improve your cybersecurity while keeping your budget for other critical initiatives.

Let’s take a look at a customer use case:

A Phish Insight customer in the U.S. launched two phishing simulation campaigns for 1,500 employees in the first half of 2020. The two campaigns were four months apart and targeted the same employees.

The first campaign was a fake email from the CDC with a link that claimed to check new COVID-19 cases. It asked for the user’s log-in information after the link was clicked.

The second campaign was an email pretending to be from the organization’s IT department. It asked users to verify their account due to an Office 365 inbox storage limitation.

Both emails looked very realistic and used important, engaging topics that users care about.

So, what do the results look like?

Among the employees who received the emails, the results of the two campaigns show a positive behavior change in recognizing a phishing email.

  • The percentage of employees who clicked the embedded URL in the email fell significantly (11 per cent vs. 7 per cent)
  • The percentage of employees who reported the phishing email to IT rose significantly (11 per cent vs. 24 per cent)

However, when a more challenging phishing attack was introduced (the second campaign), the percentage of employees who posted their credentials to the phishing site increased significantly (0.3 per cent vs. 3.4 per cent). While the company’s overall phishing awareness increased (reduced clicks), those who fell victim had a higher chance of giving out their credentials.

The results also show that back office teams have a higher percentage of phished employees, and they underline the importance of ongoing training. In addition to continuing phishing awareness training for all employees, the IT department will focus more on back office teams.

Using Phish Insight, the company successfully increased employees’ awareness while being able to target more at-risk user groups and identify those that need more help.

Want to train your organization?

To start a phishing simulation for your users, you need $0 budget and only five minutes. With a really simple user experience, you can get up and running with your first simulation today.

Try Phish Insight with no obligation: phishinsight.trendmicro.com
