- Anti-phishing company PhishMe said the results of 8 million phishing simulations show that, with practice, employees can dramatically improve their ability to detect phishing emails.
- The average response rate to any particular phishing email is about 20%, and employees who click on one phishing email are 67% more likely than average to click on another one.
- But with training, employees can learn to recognize phishing emails and can become an active line of defense against them, the report found.
Training may be the best line of defense in both avoiding phishing scams and reporting them to the appropriate authority at the company, said Rohyt Belani, CEO at PhishMe, Inc.
Belani recommends companies run phishing simulations and also make it easy for employees to report malicious emails by adding a button to their Outlook screens.
According to the study, one client's employee base began reporting malicious attacks 15 minutes before anyone had actually downloaded the malicious attachment.
"You can turn people into a strong asset," Belani said. "We can get away from 'people are the weakest link.' "
Across all companies, PhishMe said phishing emails pretending to be regular office communications tend to be the most effective, with a 22% click-through rate.