Lowering Cyber Security Exposures Starts With Training Employees

Proofpoint used data from nearly 130 million responses submitted to its Security Education Platform from January 2018 through February 2019 to create its fourth annual “Beyond the Phish” report.

Proofpoint asked users questions across 14 subjects to assess their cybersecurity knowledge for use in the report. Those surveyed answered an average of 22 percent of the questions incorrectly. These incorrect answers show “the complexity of these topics and the nuances around phishing, around data protection, and around understanding of some compliance directives related to cybersecurity.”

The report found that employees are weakest in the following areas:

   • Identifying phishing threats;

   • Protecting data throughout its lifecycle;

   • Compliance-related cybersecurity directives;

   • Protecting mobile devices and information;

   • Mobile device encryption

   • Securing personally identifiable information (PII);

   • Technical safeguards in blocking social engineering attacks;

   • Distinguishing public from private data; and

   • Responding to a suspected physical security breach.

On the other hand, respondents did well on questions related to avoiding ransomware attacks; passwords and account authentication; unintentional and malicious insider threats; identifying potentially risky communication channels; physical security safeguards while traveling; recognizing ransomware and malicious pop-ups; and risks associated with Bluetooth pairing.

Another report, INKY’s “2019 Special Phishing Report,” found that cybercriminals are adopting more sophisticated phishing techniques, including brand forgery emails intended to harvest credentials; use of methods to bypass secure email gateways; and use of “hidden text” attacks that include invisible gibberish text that allows them to bypass e-mail cybersecurity protections. Kelly Sheridan “How to Catch a Phish: Where Employee Awareness Falls Short” darkreading. com (Jul. 11, 2019).