After a year of helping our customers train their employees to better manage the urgent IT security problems of social engineering, spear phishing and ransomware attacks, we decided to go back, look at the actual numbers over those 12 months, aggregate the numbers and then show you a few case studies. First, the results:
Representative customer sample - 12-month Results
These results clearly show the sequence of:
The initial Phishing Security Test (PST) that shows the baseline Phish-prone percentage
Follow up with regular PSTs that continue to keep them on their toes. All our customers' graphs start out high on the left (baseline) and drop dramatically over time, as you can see in the following case studies.
Under each case study is the type of organization, the number of employees, the number of PSTs that were sent to these employees, and which Phishing Campaign templates were sent to the users.
Case Study 1
Case Study 1 – Software Company: 15 employees, total number of PST runs: 217, spread over Banking, Online Services, Social Networking, Current Events, Government.
Case Study 2
Case Study 2 – State Government Office: 31 employees, total number of monthly PST runs: 37, spread over Banking, Social Networking, Online Services, Current Events.
Case Study 3
Case Study 3 – Church Community Service: 95 employees, total number of monthly PST runs: 77, spread over Banking, Government, Current Events, Online Services.
Case Study 4
Case Study 4 – Agricultural Services: 22 employees, total number of 2-weekly PST runs: 93, spread over Banking, Government, Social Networking.
Case Study 5
Case Study 5 – Electric Utility: 46 employees, total number of monthly 2-weekly PST runs: 35, Government.
Case Study 6
Case Study 6 – Healthcare: 65 employees, total number of monthly PST runs: 70, spread over IT, Online Services, Current Events.
Case Study 7
Case Study 7 – Financial Services: 45 employees, total number of monthly PST runs: 39, spread over Current Events, Social Networking, Government.
As you can see, in each of these cases, employees come to understand that each email could be a phishing attack and that they need to STOP, LOOK and THINK before they click on any link in an email. The regular PSTs make sure that this behavioral change, which was initiated by the training, actually gets applied in their day-to-day office life.