Ready to Start Your Career?
By: Bora Aytun Keepnet Labs
May 29, 2018
Data Analysis Surprise: Least Expected Organization Groups Fall Victim to Phishing Attacks
By: Bora Aytun Keepnet Labs
May 29, 2018
By: Bora Aytun Keepnet Labs
May 29, 2018

Methodology
Data Sets
- 128 companies
- 126K phishing emails sent
Measurements
Using the Keepnet Labs Phishing Simulator module, each employee who received a phishing email was tracked and placed into 3 groups:- Group 1: Employees who opened the malicious emails
- Group 2: Employees who clicked the links and a malicious attachment in the emails
- Group 3: Employees who entered and submitted their information to the fake website
Sorting the Employees into "Failure Profiles"
Group 1
Group 2

Groups 1 and 2

Groups 2 and 3

Groups 1, 2, and 3

Analysis
The study then looked at the correlation between business departments and failure profiles:
Results
When results are filtered by business departments such as sales, marketing, IT, and R&D, we can see variations in employee behavior.Viewing the data by failure profiles, as well as by business departments, reveals that the proverbial champions of email security are the worst offenders.The likeliest victims were employees in the research and development, management, and legal departments.22.5% shared information
Research & Development took the top position by leading in both of the most dangerous categories:
17.5% opened attachments
Legal snags the coveted "highest percentage in any group" accolade and stays "competitive" with second place in another group:
51.5% opened the emails

33.3% clicked on links

Other Striking Findings:
- Marketing department employees were the most cyber-aware.
- 30% or more of all types of employees opened malicious emails.
- Excluding the employees in marketing, over 23% of all employees clicked on links in malicious emails.
- By unsuspectingly giving away highly sensitive information 22% of the time on average, and opening 14% of malware attachments on average, R&D and quality control employees helped attackers circumvent their organizations’ technological defenses once in every five email-borne attacks.
Who should not have appeared in these charts at all?
You may agree that non-technical employees such as upper management often see the IT department as the last line of defense, as it is populated by overly-protective, always-paranoid technicians. The expectation is that they are well aware of the risks and know what to do concerning cyber security. Finding that IT personnel opened 48.4% of malicious emails and that 28.9% of them clicked on a link in those emails is surprising, unnerving, and dismaying to the rest of us ordinary folk, let alone management.Conclusion
Results from over 126,000 individual emails, evaluated in sanctioned phishing tests in 2017 from Keepnet Labs customers around the world, revealed that 48.2% of phishing messages were opened by employees. Moreover, 31.5% of employees clicked the malicious attachment or link, and 7.9% submitted their credentials to the fake web site.The types of employees who failed to notice threats included key personnel who must understand the nature of the danger to security and how to avoid these threats. They are expected to be more attentive and vigilant concerning cyber security. It is an unpleasant surprise that IT personnel appear in groups that suggest the most destructive breaches in security.Creating cyber security awareness and helping change employee behavior is vital. Skill development exercises, such as those with the Keepnet Labs Phishing Simulator, and tools that invite employee engagement in cyber defenses, such as Keepnet Labs Incident Responder, are essential for establishing and maintaining employee awareness, buy-in, and commitment to preventing cyber attacks.As a Cybrary member, you get up to 500 trial licenses to utilize the resources of Keepnet Labs!Gain access to our most popular modules: Email Threat Simulator, Incident Responder, Phishing Simulator, and Awareness Educator.Discover and prevent your organization's human and technology vulnerabilities.Visit https://www.keepnetlabs.com/cybrary/1 https://www.cso.com.au/article/641021/state-cyber-security-2018-why-legacy-defences-won-t-keep-pace-new-ransomware-cryptojacking-threats/2 https://www.united-security-providers.com/blog/top-5-cyber-security-risks-for-companies/Build your Cybersecurity or IT Career
Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry