Like most things in life, practice makes perfect. Well, perhaps, better at least. KnowBe4 has reported that a “long-term phishing study involving 6 healthcare institutions shows employees are vulnerable to phishing attacks and that they can become more vigilant through exposure.”
Researchers initiated 95 separate campaigns studying employee interaction with over 2 million simulated phishing emails. There was a 16.7% initial click rate. The bright side is that with repeated exposure, the employees clicked less, decreasing the company's vulnerability. No additional training was given to the employees, just repeated exposure. Imagine the click percentage if they actually had Security Awareness Training that taught them what to look for, how hackers trick them, and what they should do when they do receive a true phishing attempt.
An educated employee is a vigilant employee and can be one of your most critical frontline defenses against attack. Security Awareness Training provides that education, along with phish testing that identifies the company’s weakest link in security so the security team can take steps to correct that weakness before a hacker exploits it. A “before and after” phishing campaign can also tell an organization the efficacy of its employee training.