Training Cuts Phishing Success

A new study by a security training company has found that even a few months of security awareness instruction can have a big impact on how well recipients respond to phishing attempts. In the education segment, specifically, KnowBe4 found that 27.16 percent of staff were "phishing-prone" — likely to open e-mails or click on files containing malware. After three months of training, the same people were 30 percent less likely to open such e-mail; and after a year, they were 88 percent less likely to do so.

KnowBe4 sells online training that's intended to help employees "make smarter security decisions." E-mail phishing, along with social engineering, is a common way for malware to make its way onto school networks.

For the recent study, the company drew from its database of 11,000 organizations, employing more than 6 million users. The phish-prone percentage was calculated by the number of people who clicked on a simulated phishing e-mail link or opened an infected attachment during a testing campaign that used the KnowBe4 platform. While the research project examined every type of business represented in its customer base, education fell right into the average of about 27 percent across all industries.

Small educational organizations — those with under 250 employees — were at the greatest risk, with phish-prone staffers making up 29 percent of all employees, compared to 26 percent of schools with 250 or more employees. After three months of computer-based training that used sample phishing e-mails, the smaller organizations saw the greatest gain, dropping to 17 percent vs. 20 percent for the larger entities. Following a full year of training and at least 10 phishing tests, in schools with fewer than 250 staff members, just 3 percent were likely to fall for a phishing test compared to 4 percent for their larger brethren.

KnowBe4's website includes a free tool that, with registration, allows IT organizations to run a phishing security test among employees, up to 100 users. Subscription pricing for the training service is based on a per-user, per-year basis.

"The new research uncovered some surprising and troubling results," said company CEO Stu Sjouwerman, in a press statement. "However, it also demonstrates the power of deploying new-school security awareness training by lowering a 27 percent Phish-prone result to just over 2 percent."

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • illustration of a futuristic building labeled "AI & Innovation," featuring circuit board patterns and an AI brain motif, surrounded by geometric trees and a simplified sky

    Cal Poly Pomona Launches AI and Innovation Center

    In an effort to advance AI innovation, foster community engagement, and prepare students for careers in STEM fields and business, California State Polytechnic University, Pomona has teamed up with AI, cloud, and advisory services provider Avanade to launch a new Avanade AI & Innovation Center.

  •  black graduation cap with a glowing blue AI brain circuit symbol on top

    Report: AI Is a Must for Modern Learners

    A new report from VitalSource identifies a growing demand among learners for AI tools, declaring that "AI isn't just a nice-to-have; it's a must."

  • glowing shield hovers above a digital cloud platform with abstract data streams and cloud icons in the background

    Google to Acquire Cloud Security Firm Wiz

    Google has announced it will acquire cloud security startup Wiz. If completed, the acquisition — an all-cash deal valued at $32 billion — would mark the largest in Google's history.

  • digital dashboard featuring a shield icon, graphs, a world map, and network nodes

    IBM Introduces Agentic AI Governance and Security Platform

    IBM has launched a new software stack for enterprise IT teams tasked with managing the complex governance and security challenges posed by autonomous AI systems.