70% of Public Sector Employees Disclose Passwords When Interacting with Phishing Emails
A large-scale phishing simulation, run as a security experiment, was recently completed, and the results are not encouraging. The participants were public sector employees from across the globe, and the research focused on how easily they could be led to unwittingly hand their work login credentials to simulated credential-theft attempts.
The simulation concluded that a staggering 70% of public sector employees who follow a link in a phishing e-mail are likely to go on to enter their credentials on the page it leads to.
Other figures from the experiment, which was conducted by Terranova Security, show that a fifth of employees clicked on links contained in phishing e-mails. The worrying part is that this share has nearly doubled compared with the figures posted in 2019, and the trend held even among employees who had previously taken part in another round of phishing simulations.
The phishing templates used in the simulation were tailored to the current Covid-enforced situation, in which millions of people work from home, often on equipment and networks that are less well protected than their office computer.
One sample template was a fake e-mail purporting to come from the World Health Organization, offering tips on how to stay safe from Covid-19 and containing a malicious link to a supposed PDF document.
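The lure described above gives a practitioner a concrete set of things to check before clicking. The following is an added example, not part of the original article or of Terranova Security's simulation: a small Python script that runs a few heuristics over a constructed e-mail modelled on that template. The sender address, recipient and link host in the sample are invented placeholders, and the assumption that legitimate WHO mail comes from who.int is this example's own. It flags a brand display name whose sending domain does not match, a link whose visible text claims a PDF while the URL is not one, and a "document" link that actually lands on a login page.

```python
"""Heuristic checks for a credential-phishing lure of the kind described above."""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample e-mail modelled on the lure in the article (fake WHO sender,
# "safety tips", link to a supposed PDF). Addresses and hosts are invented
# placeholders, not real infrastructure.
SAMPLE_EMAIL = """\
From: "World Health Organization" <alerts@who-covid-updates.example>
To: employee@agency.example
Subject: COVID-19: updated safety tips for remote staff
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please review the attached guidance.</p>
<p><a href="http://who-covid-updates.example/login?doc=safety_tips.pdf">Safety_Tips_WHO.pdf</a></p>
</body></html>
"""

# Brands an attacker is likely to impersonate, mapped to the domains they
# legitimately send from. Assumption for this example: WHO mail comes from who.int.
KNOWN_BRANDS = {"world health organization": ("who.int",)}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _is_subdomain_of(host, domain):
    return host == domain or host.endswith("." + domain)


def analyze(raw):
    """Return a list of human-readable findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    display_name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    legit = KNOWN_BRANDS.get(display_name.strip().lower())

    # 1. Display name claims a known brand, but the sending domain is not that brand's.
    if legit and not any(_is_subdomain_of(sender_domain, d) for d in legit):
        findings.append(f"display name '{display_name}' but sender domain '{sender_domain}'")

    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    collector = _LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        # 2. Link text looks like a document, but the URL path is not a document.
        if text.lower().endswith(".pdf") and not url.path.lower().endswith(".pdf"):
            findings.append(f"link text '{text}' looks like a PDF but points to {href}")
        # 3. A "document" link that lands on a login page: classic credential harvesting.
        if "login" in url.path.lower() or "login" in url.query.lower():
            findings.append(f"link to {host} leads to a login page")
        # 4. Link host is not one of the impersonated brand's domains.
        if legit and not any(_is_subdomain_of(host, d) for d in legit):
            findings.append(f"link host '{host}' is not a {display_name} domain")
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EMAIL):
        print("-", finding)
```

Run as a script it prints the four findings for the constructed lure; a message from who.int whose links stay on who.int and point at a real `.pdf` path produces none. The checks are deliberately simple and are meant to illustrate what an alert reader (or a mail filter) looks at, not to replace a proper secure e-mail gateway.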
Other business sectors do not look much better. Employees in transport services also recorded a 70% click-to-submission ratio. It may be somewhat comforting that the finance and education sectors performed best, at just around 8 percent each.
Companies and industries clearly need to invest more in training programs and raise far greater awareness of the dangers of phishing. Even right after the global cybersecurity awareness events held in October, people's ability to tell a phishing e-mail from a real one is still very shaky.
You cannot force people to develop common sense, but it is usually just common sense that filters out the phishing bait and keeps you safe.