The year 2020 was challenging for cybersecurity on many levels. The global pandemic brought a wave of cyberattacks exploiting the mayhem, while remote work made employees more vulnerable to such attacks.
In particular, phishing attacks hit record levels, with Google reporting over 2 million phishing sites in 2020 alone. However, even more alarming is that current cybersecurity measures employed by organisations worldwide are inadequate to protect against such threats.
According to the data presented by the Atlas VPN team, one-fifth (19.8%) of employees fell for phishing emails even if they had gone through security awareness training.
Rachel Welch, chief operating officer of Atlas VPN, shares her thoughts on the situation: “We are in an age where cyberattacks are evolving faster than ever before. However, the data shows that organizations are not doing enough to educate their employees on cybersecurity threats.
“Organisations have to realize that just as the cyberthreat landscape is shifting, so should their response to cyberthreats. Otherwise, the organisation is left vulnerable to cyberattacks, which have devastating and long-lasting consequences to both the organization itself and its clients.”
Out of the employees who did click on phishing email links, 67.5% also entered their credentials, such as a password, on the phishing webpage. This means that, overall, 13.4% of employees provided their credentials to phishers.
While no sector is immune to phishing attacks, some industries were better educated on recognizing such assaults than others.
Five industries had above-average phishing email click rates, with the public sector at the top of the list. A total of 28.4% of employees working in the public sector clicked on a phishing link in an email.
Next up is the Transport industry. Nearly a quarter (24.7%) of employees in the sector fell for phishing emails.