Security Awareness Training Works – If You Maintain It

---

Security awareness training including phishing resistance dramatically reduces risk if you keep it up.

---

Cybersecurity training seems like a boring time waste, but it’s actually a key part of any company’s security strategy that cannot be overlooked. An estimated 306.4 billion emails were sent and received each day in 2020, triple the average increase of past years. That figure is expected to continue to grow steadily as companies adopt a more flexible work approach going forward, and it’s estimated to reach over 376.4 billion daily messages by 2025 In a year full of bad news around cybersecurity, there’s one very bright spot – security awareness training works to protect businesses from cybersecurity threats.

---

---

10 Things to Know About Phishing

---

• More than 80% of all cyberattacks are phishing attacks
• Phishing attacks increased over 600% in Q2 2020 alone 
• 75% of organizations around the world experienced some kind of phishing attack in 2020
• A new phishing attack is launched every 39 seconds 
• An estimated 90% of cyberattacks that result in data breach begin with a phishing email 
• 94% of phishing emails use malicious file attachments as the payload or infection source 
• Google estimates it blocks 18 million scam emails a day from its 1.5 billion users 
• Phishing attacks account for more than 80% of reported security incidents
• 75% of phishing targets are found through web searches or common email address formats 
• 65% of cybercriminals use phishing as their primary form of attack

Security Awareness Training Works…… If You Keep Up With It

---

The most effective way to prevent a cybersecurity disaster is to prevent mistakes since the number one cause of a data breach is human error. Security awareness training is a powerful tool to reduce that risk. Security awareness training lowers the chance of an incident like a data breach by 70%. But 62% of businesses do not do enough cybersecurity awareness or phishing resistance training, and that’s a problem – especially for remote workers.

A late 2020 study measured not only the impact of security awareness and phishing resistance training but also its lasting effect. Their results showed that security and phishing awareness training is forgotten over time. Test subjects were trained once and retention tested four, six, eight, ten, and 12 months later, and the results were unequivocal – the longer they went without training, the worse they performed. For security awareness training to be effective, it needs regular upkeep and refreshment.

Without consistent upkeep, phishing resistance training wears off. In the same study, workers who received phishing resistance training were only able to spot phishing emails for four months after initial training. Experts recommend that employees take 11 courses per year for maximum efficacy. Haphazard training often reflects a poor cybersecurity culture that enables bad behavior like sloppy email hygiene by employees. In a 2020 survey of 1,000 employees, a disturbing fact stands out: 96% of employees are aware of digital threats like phishing, but 45% click emails they consider to be suspicious anyway.

---

---

Phishing is Growing by 300% Again in 2021

---

Phishing is still experiencing triple-digit growth in 2021 – up almost 300% over 2020’s record-breaking numbers in May and June respectively – and companies in every sector are getting hammered with attacks. An astonishing 80% of IT professionals in a recent survey said that their organizations have faced an increase in the number of phishing attacks that they’re combatting in 2021. Unfortunately, more phishing attempts has translated into more phishing attack disasters for many companies.  An estimated 74% of respondents in the same survey said that their companies had been successfully phished in the last year.  

Phishing attacks against businesses are commonly fueled by dark web data, and there’s plenty for cybercriminals to choose from. A flood of records stolen in past data breaches has made its way to the dark web including an estimated 22 million new records in 2020 alone. Experts had already estimated that 65% of the information on the dark web at the start of 2020 could harm businesses and this influx of stolen information provides abundant fresh fuel for cybercrime, increasing everyone’s risk. That’s helping cybercriminals push sophisticated spear phishing threats to new heights., and spawning more dangerous zero-day threats than ever before.

---

---

Cybersecurity Training is a Must-Have to Reduce Ransomware Risk

---

Ransomware is the monster under the bed for IT teams. Companies need to consider the fact that the primary delivery system for ransomware is phishing. A favored tool of cybercriminals, ransomware is employed by nation-state threat actors as well as small-time gangs. A stunning one in four attacks that IBM Security X-Force Incident Response remediated in 2020 were caused by ransomware. Double extortion ransomware is a rising star as cybercriminals double down on their attacks to double their profits by requiring their victims to pay twice: once for the usual decryption code and a separate fee to not have the encrypted data copied by the gang. Practitioners of this tactic were responsible for more than 50% of all ransomware attacks in 2020.  

A little over 95% of IT professionals who responded to a survey said that their organizations have security awareness and phishing resistance training programs. Those programs can range from high-quality ongoing classes to occasional ad hoc meetings. But a much smaller percentage of those companies are invested in making sure their employees complete their security awareness training. Only 30% of the surveyed pros could say that 80% or more of their company’s employees had completed any formal security awareness training courses. That means that companies understand the benefits of security awareness training but are often challenged in running and delivering it, wasting time and money.  

Security awareness training is especially important when supporting a remote or hybrid workforce. More than 55% of remote workers rely on email as their primary form of communication with their coworkers, but less than 55% of companies engage in regular phishing resistance training. Whether that’s because of perceived challenges in running training or simple neglect, that’s a problem. Over 50% of respondents admitted that they were more error-prone while stressed. More than 55% of workers in an employee error detection survey admitted that they were frequently off-balance when working from home, leading to security blunders – 40% said they made more mistakes when they were tired or distracted. Altogether 43% of the workers surveyed reported that they had made mistakes resulting in cybersecurity repercussions for themselves or their company while working remotely. 

---

---

Keep Staffers on Top of the Latest Threats Painlessly

---

A common reason why companies tend to put off security awareness and phishing resistance training is that it seems daunting. Finding the right materials, creating the right groups, measuring retention, tutoring those who need extra help, managing schedules – it’s an undertaking. But it doesn’t have to be, because BullPhish ID makes it simple for everyone.

Easy, Effective Training Delivered

• Managing phishing resistance training is easy with BullPhish ID. Simple remote management enables you to quickly complete administration, including building, importing, and editing groups of the “target” employees to be included in your phishing simulation and training campaigns. Easily import multiple groups in your organization in order to specialize and differentiate your training to keep it relevant and fresh.

• Since keeping training fresh is an obvious key to keeping training effective, we add 4 new plug-and-play phishing simulation training kits every month featuring the latest scams including COVID-19 threats. The platform includes over 80 phishing kits and 50 security video campaigns – with 27 videos available in 8 languages including English, Dutch, French, German, Italian, Portuguese, Spanish (Iberian/European), and Spanish (Latin)

• BullPhish ID is flexible and easy for users who are being trained too. Threats are explained clearly for non-tech staffers, making training effective and accessible for everyone. Easy-to-understand, short, and visually engaging training videos let learners go at their own pace, and online quizzes help you verify retention and see who needs more help.

Don’t put training off anymore – it’s not a smart way to save time or money. Dark Web threats are escalating every day, fueling new, dangerous cyberattacks. Without regularly updated security awareness and phishing resistance training, your chance of experiencing a cybersecurity incident increases dramatically, and no one can afford a disaster like that in this economy.

---

---

---