A recent study on human susceptibility to spear phishing attacks. The data set that formed the basis of this study was obtained from the results of mock spear phishing exercises run by our clients (against their respective workforce).
The data was gathered from 32 mock phishing exercises run at companies spanning a variety of industries ˆ healthcare, financial services, government, government contracting, etc and varying sizes (ranging from companies with 100 employees to those with more than 200,000 employees). Also, the target workforce spanned 18 different countries.
Key findings of the study include:
23% of people are vulnerable to targeted/spear phishing attacks (despite the fact that they received conventional user awareness training). This explains why spear phishing is the attack vector of choice today.
Phishing attacks that use an authoritative tone are 40% more successful that those that attempt to lure people through reward-giving.
Men and women are both equally (difference of 0.3%, margin of error +-3%) susceptible to phishing.
On an average 60% of corporate employees that were found susceptible to targeted spear phishing responded to the phishing emails within three hours of receiving them. 20% of those vulnerable reacted in the first hour!
We will be continuing to mine the unique set of data to draw other interesting statistics and assist organizations in focusing their security awareness efforts in the right areas.