2021 Gone Phishing Tournament™ Phishing Benchmark Global Report Reveals High Phishing Simulation Click and System Compromise Rates
LAVAL, QC, Dec. 7, 2021 /PRNewswire/ -- The new edition of the Terranova Security Phishing Benchmark Global Report, drawing on results from the 2021 Gone Phishing Tournament™, reveals that overall end user click rates remained high in the face of this year's phishing simulation. It also details the rise in the number of users who would've compromised their devices with malware had the phishing simulation not been a safe testing environment.
The 2021 Phishing Benchmark Global Report results emphasize the growing need for all organizations to address the human element of cyber security by implementing engaging, informative security awareness training programs that leverage real-world phishing simulations to change the right end user behaviors.
These revelations come at the end of a year where digital transformation accelerated at many workplaces worldwide. The widespread adoption of remote or hybrid work cultures and related technologies enhanced collaboration and productivity, but it also meant cyber security awareness levels were tested much more frequently and with increasingly complex cyber threats.
"The third edition of the report is a powerful reminder to organizations everywhere that deploying real-world phishing simulations as an educational tool is more crucial than ever," said author and Terranova Security CEO Lise Lapointe. "By testing end user knowledge with simulated attacks similar to threats they may encounter in their everyday activities, organizations can more easily change user behaviors and keep their sensitive information safe."
The 2021 Gone Phishing Tournament took place over two weeks in October 2021 to coincide with Cybersecurity Awareness Month. In all, close to 1 million phishing simulation emails in 20 different languages were sent to end users during this stretch.
2021 Phishing Benchmark Global Report: Key Results
The 2021 Gone Phishing Tournament revealed that, in general, a significant portion of end users are still inclined to click on phishing email links and, in the case of this year's simulation template, download malicious file attachments when prompted.
Nearly one in every five end users (19.8%) who received the phishing simulation email clicked on the initial message's phishing link, which is on par with the 2020 edition of the event. In total, 14.4% of all end users failed to recognize the simulation's resulting webpage as unsafe and clicked on the malicious file's download link.
Together, these figures mean that the proportion of initial clickers who went on to download the phishing simulation's webpage file exceeded 70%, an increase of nearly three percentage points from the previous year.
Other key data highlights from the third edition of this event include:
- When it came to downloading the malware document, North America fared best as a region (11.8%), while Europe took the runner-up slot (14.9). The Asia Pacific region finished with the highest malware download rate.
- For click rates by industry, Education, Finance and Insurance, and Information Technology exhibited the highest totals, all scoring over 25%. Meanwhile, Healthcare, Transport, and Retail all kept their click rates under 10%.
- Information Technology had the highest click-to-download ratio across all industries, with 84% of those who clicked on the initial phishing link eventually downloading the malware file.
"When you consider that the Gone Phishing Tournament takes place during Cybersecurity Awareness Month every year, it's clear that there's room for improvement across the board," added Theo Zafirakos, CISO at Terranova Security. "Establishing, maintaining, and optimizing a training program that incorporates continuous awareness activities and phishing simulations is an essential part of strong information security. In the 20 years since Terranova Security's inception, phishing threats have only become more prevalent. Organizations must take this reality seriously and implement strong awareness training initiatives."
2021 Phishing Benchmark Global Report: Methodology
This year's email and webpage templates were supplied by Microsoft and reflected a real-world scenario all end users may encounter in their daily lives. The template's scenario, selected by the Terranova Security leadership team, measured several end user phishing behaviors, including clicking on a link in the body of a phishing email and downloading a malware file delivered through a phishing webpage.
The email and webpage spoofed the Microsoft SharePoint interface for an authentic look and feel. The email message even included instructions on how to download the file, which further enticed the end user to complete the action once they landed on the webpage. These decisions were made to give recipients a realistic sample of the increasingly complex nature of current phishing threats affecting professionals across many different industries.
End users who clicked on the webpage link to download the malware file were met with a feedback page that offered a powerful learning moment. It pointed out warning signs the user may have missed during the simulation and highlighted best practices to keep in mind moving forward, giving them the tools needed to detect and avoid future threats consistently.
Download the 2021 Phishing Benchmark Global Report to get all the results and facts from the latest edition of the Gone Phishing Tournament.
About Terranova Security
Terranova Security is the global security awareness training partner of choice that has been training the world's cyber heroes for more than 20 years. The organization empowers organizations worldwide to design programs that change user behaviors, drastically reduce the human risk factor, and counter cyber threats. By providing security leaders with the industry's most innovative, highest-quality awareness training content and real-world phishing simulations, Terranova Security makes it easy to build risk-based campaigns that target the right end user behaviors. As a result, training initiatives ensure all employees understand critical information security best practices on phishing, social engineering, data privacy, compliance, and much more. This commitment to helping organizations build foundational resilience against cyber threats is also reflected in the Terranova Security partnership with Microsoft. This collaboration embodies both organizations' dual mission to develop initiatives that strengthen the human line of defense in cyber security. Train your cyber heroes: www.terranovasecurity.com.
LEGAL NOTICES
Copyright © 2021 Terranova WW Corporation, Inc. All Rights Reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.
CONTACT : Kareen Pate, Manager, Marketing et Communication, kareen.pate@terranovasecurity.com, 514 806-4621