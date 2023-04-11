Over 20% of META employees would click on a malicious link

In 2022, Kaspersky blocked 507-million user attempts to follow malicious phishing links and, during testing carried out among employees in the META region, found that employees most often fell victim to scam emails with claimed corporate announcements about the dress code (20,2% clicked), about account blocking (9,3% of trainees clicked the link), and fake recruiting announcements (5,1% clicked).

These are the results obtained in 2021 to 2022 from the phishing simulator built into the Kaspersky Automated Security Awareness Platform (KASAP).

After analysing the results of employee cybersecurity trainings and tests, it was found that employees from the Middle East and Africa were more likely to fall victim to phishing than those from other regions – Europe, North and South America – with 14,7% of employees from the Middle East and 11% of employees from Africa failing the phishing test. The APAC region was even further behind – here 15,6% of trainees failed the phishing test.

Over 2021 to 2022 in the Middle East, Turkiye and Africa region, the most popular topics for personnel cybersecurity trainings were safe email usage (eg. singling out suspicious links, figuring out what is a scam) and how to set secure passwords. These trainings were selected by over 70% of employees who passed the trainings. Other popular training topics included mobile device security, social media account security, and endpoint workstation protection. The course on data confidentiality was the least popular.

“While the world of tech is advancing rapidly, people’s skillset often lags behind. As it turns out, the majority of employees globally need basic cybersecurity training. In our recent testing, which was carried out using Kaspersky Gamified Assessment tool, just 11% of 3 907 employees proved to have a high level of cybersecurity awareness. The so called ‘human firewall’ is often the weakest link in the cyberprotection of an organisation,” says Svetlana Kalashnikova, product manager for Services & Education at Kaspersky.

“Companies should invest not only in traditional cybersecurity solutions that can be installed on corporate systems, but also in employee training,” Kalashnikova adds. “And before one can get trained, their cyber skillset should be assessed. The Gamified Assessment Tool is included in the ‘engagement phase’ of Kaspersky Security Awareness Portfolio. It precedes the training stage in the Kaspersky Automated Security Awareness Platform, allowing employees to get a clearer motivation for learning and helping organisations find out which educational program best fits their workers’ specific needs.”