Ransomware: Industries Most at Risk

Category: Blog, Security  |  Thursday, January 25th, 2018

Ever wonder how hackers target their victims? It seems certain industries are more prone than others.

According to a new study from KnowBe4 on phishing statistics for top industries, small insurance companies have the highest percentage of phish-prone employees in the small to mid-size organization category. Not-for-profit organizations are hit the most in the large organization pool.

The research, compiled from more than six million users across nearly 11,000 organizations, gauges real-world phishing results. On a positive note, the data shows a major decrease in careless clicking, to just 13 percent, 90 days after initial cybersecurity training and simulated phishing, and an even steeper drop to 2% after 12 months of combined phishing and computer-based training.

Researchers anonymously tracked users by company size and industry in 3 areas:
1. A baseline phishing security test
2. Results after 90 days of combined computer-based training and simulated phishing
3. Results after one year of combined computer-based training and phishing

The results after one year are encouraging.

“What this data from KnowBe4 emphasizes is that one of the biggest issues affecting organizations is still that of the human element. Ultimately, you could have all the security systems in the world, and adopt a multi-layered approach, but if it isn’t driven from the top down, then it has little effect. The most successful companies that we work with are the ones that have taken cyber and information security into the boardroom and have it as a number one priority,” Andy Miles, CEO of ThinkMarble, said to Help Net Security.

“Executives and Directors have a responsibility and a duty to protect their companies and people and, just like they take Health and Safety seriously for fear of financial and reputational repercussions, the same approach needs to be adopted for basic cyber hygiene principles. Week in, week out, we see businesses being compromised and held to ransom. What will it take for this issue to be taken seriously in the boardroom? We should take the lead from the New York State, Department of Financial Services, that has implemented new regulations in which it is no longer a matter of what ‘should’ be done but what ‘must’ be done to comply and protect the data and information held within the business. If the boardroom can’t understand and get the basics right, then there is a good chance they will suffer an attack,” Miles concluded.

If your business needs assistance with cybersecurity training, give EnhancedTECH a call at 714-970-9330 or contact us at [email protected]

Source Image: https://unsplash.com/photos/fkvdNRIew6A
