A recent study revealed that 27 percent of employees tested by a vulnerability assessment firm clicked on a phishing link or fell victim to other social engineering techniques, suggesting a pressing need for better cybersecurity training.

For its report titled “Social Engineering: How The Human Factor Puts Your Company at Risk,” security firm Positive Technologies conducted a series of test attacks on several of its clients’ users. The company sent employees email messages that prompted them to enter their credentials on a website and then assessed their responses for the study.

More Than One-Quarter of Employees Fail Phishing Test

Of course, social engineering can take many forms, so the test subjects were broken into groups that received different kinds of phishing emails to see what worked and what didn’t. None of the messages contained real malware or caused actual harm, but the results showed that if the schemes had been designed by cybercriminals, 17 percent of the email attacks would have successfully compromised corporate systems.

To be fair, the research suggested that employees aren’t completely forgetting or ignoring their cybersecurity training. For instance, tests that prompted users to download and run a file fooled only 7 percent of subjects. Still, 15 percent clicked on emails with suspicious attachments and links to potentially malicious webpages where their usernames, passwords and other details might have been compromised.

Similarly, while traditional cybersecurity training might have warned employees against clicking on links or attachments in messages from unfamiliar senders, the study suggested that users should double-check everything sent to their inbox. Only 11 percent of test subjects fell victim to phishing messages from fake companies, but 33 percent were fooled by messages that included a genuine corporate domain name and appeared to come from a legitimate sender.

The Case for Better Cybersecurity Training

While it may be tempting to conclude that most employees simply aren’t tech-savvy enough to identify phishing attempts, nearly 10 percent of users who failed the social engineering tests worked in the IT department, and 3 percent were on the IT security team. The results of the study suggest that organizations should invest in better cybersecurity training for employees in all departments.
