For the past five years, Wombat Security (now part of Proofpoint), has released their annual State of the Phish report based on an analysis of data from tens of millions of simulated phishing attacks sent throughout the Wombat security education platform.
The data is related to 16 different industries and covers thousands of customers from mid-range to large enterprises. It also includes over 10,000 responses to quarterly surveys Infosec professionals revealing what organizations are experiences.
We reviewed the report, and compiled a list of key finds and insights:
The Extent of End-User Risk
In this section of the report, Wombat conducted a five-question-seven-country survey to gauge how much working adults around the world know about cybersecurity.
What questions were asked?
- What is vishing
- What is phishing
- What is smishing
- What is ransomware
- True or false, if you accidentally install a virus on malicious software to your computer, your IT team will be notified by their monitoring tools so you can fix it
Ransomware awareness increased significantly in the US and UK (with Germany holding stead), and average understanding of smishing improved. As for phishing: the US gained some ground and the UK remained relatively steady. Globally, most adult workers still don’t know what vishing is.
What InfoSec Pros Are Experiencing
In this section of the report, Wombat surveyed InfoSec professionals–customers and noncustomers–to find out that they are experiencing.
Social engineering attacks are on the rise across the board. The vast majority–96%–said the rate of phishing attacks increased or stayed consistent throughout the year, and more respondents said they experienced attacks during 2018 than 2017.
You can download the full State of the Phish Report for free here.