According to a recent ‘Phishing by Industry‘ report by KnowBe4, construction industry staff are most vulnerable when it comes to phishing scams.
- The report looks at 19 industries breaking them down into three categories, small (up to 250 workers); medium (250-999); and large (1,000+)
- Those in the construction industry placed first in falling for attacks in small and medium-sized businesses and second place in large corporations where the hospitality industry took first place
- According to KnowBe4, once training began, the percent of a company’s workers likely to fall for a phishing scam dropped dramatically
- In the construction category – after 90 days of combined computer-based training and simulated phishing security testing – the PPP numbers fell to 16.8 percent, small; 19.7 percent, medium; and 15 percent for large companies.
- After 12 months of such training the PPP fell further to 1.8 percent, 3.1 percent and 7.9 percent respectively
Expert Comments:
Craig Cooper, COO at Gurucul:
Beyond user training, however, organisations should also monitor user and entity behavior to identify anomalous and suspicious actions. Machine learning algorithms can compare current behavior to previously baselined behavior. Behavior analytics provides the data to identify trends and spot outliers, so you can quickly remediate threats. The behavior is the tell. And, in this case, the behavior of the compromised account would be suspicious and would have been flagged as risky and anomalous by behavioral analytics.”