After a year of helping our customers train their employees to better manage the urgent IT security problems of social engineering, spear phishing and ransomware attacks, we decided to go back, look at the actual numbers over those 12 months, aggregate the numbers over 300,000 employees and then show you a few case studies. First, the results:
Representative customer sample - 12-month Results
These results clearly show the sequence of:
1. The initial Phishing Security Test (PST) that shows the baseline Phish-prone percentage
2. Stepping all employees through our Kevin Mitnick Security Awareness Training, and
3. Following up with frequent PSTs that continue to keep them on their toes.
All our customers' graphs start out high on the left (baseline), and drop dramatically over time.
Employees come to understand that each email could be a phishing attack and that they need to STOP, LOOK and THINK for a second or two before they click on any link in an email or open an attachment. The monthly PSTs make sure that this behavioral change, which was started by the training, actually gets reinforced and applied in their day-to-day office life.