More than a third of office workers believe they are seeing more phishing emails today than they were a year ago according to research just released by PhishMe
At the same time, the corporate phishing security training specialist says that 16 percent of the 1,000 respondents to its OnePoll survey claim to have fallen victim to a phishing attack, although there are probably a lot more that don't know they were victims.
Delving into the research - which was conducted in late November - reveals that companies seem to be letting the side down on the security training front, with 18.7 percent of office workers polled in the late November survey admitting their employers did not provide them with security training, and just 5.1 percent saying their company conducted phishing testing as part of their training.
It's not all doom and gloom on the anti-phishing front, however, as the survey found that 27% of employers are conducting online security training for their staff. With 27.4% integrating some form of security training in their employee induction courses, and 11.8 percent using the traditional approach of classroom security training to get the message across.
Commenting on the findings, Aaron Higbee, PhishMe's CTO and co-founder, told SCMagazineUK.com that these positive trends are a reflection of the fact that employees are becoming more technically aware - and also aware of the need for security training as part of their job.
"This trend is borne out when we compare this year's survey with those from our first survey of this type last year. And if you go back to 2007/8, the trend is even more apparent. Back then we found that 75 or 80 percent of employees were failing a phishing attack test as part of their training - today it's much, much lower, and we have an achieved target of under 10 percent for those organisations where we are providing training," he explained.
Graham Cluley, a former Sophos security consultant and now an independent analyst, told SCMagazineUK.com that phishing and targeted attacks are a serious threat to businesses big and small in the UK, as they can lead to serious security breaches.
"It's all too easy for online criminals to forge an email header to pretend to come from a colleague or business, and dupe unsuspecting workers into clicking on a link or opening a booby trapped attachment," he said.
In an ideal world, Cluley - a security veteran of more than 25 years - says that users could be trained to check for suspicious links or show caution about unsolicited attachments.
But, he said, it is clear that the world isn't perfect, and users are going to carry on making mistakes.
"IT teams need to step up their game, and deploy systems to minimise the chances of a malicious attack entering their organisation through this route," he concluded.