According to a recent ‘Phishing by Industry‘ report by KnowBe4, construction industry staff are most vulnerable when it comes to phishing scams.
- The report looks at 19 industries breaking them down into three categories, small (up to 250 workers); medium (250-999); and large (1,000+)
- Those in the construction industry placed first in falling for attacks in small and medium-sized businesses and second place in large corporations where the hospitality industry took first place
- According to KnowBe4, once training began, the percent of a company’s workers likely to fall for a phishing scam dropped dramatically
- In the construction category – after 90 days of combined computer-based training and simulated phishing security testing – the PPP numbers fell to 16.8 percent, small; 19.7 percent, medium; and 15 percent for large companies.
- After 12 months of such training the PPP fell further to 1.8 percent, 3.1 percent and 7.9 percent respectively
Expert Comments:
Craig Cooper, COO at Gurucul:
“This report goes to show how far we still have to go before we can eradicate phishing threats. Cybersecurity training for employees is still nowhere near where it should be. It’s often said that humans are the weakest link in the security chain. People are susceptible to phishing because these attacks exploit basic human nature, like curiosity and pride. Organisations would be wise to ensure that their users know about the potential dangers of clicking links and opening attachments in emails.
Beyond user training, however, organisations should also monitor user and entity behavior to identify anomalous and suspicious actions. Machine learning algorithms can compare current behavior to previously baselined behavior. Behavior analytics provides the data to identify trends and spot outliers, so you can quickly remediate threats. The behavior is the tell. And, in this case, the behavior of the compromised account would be suspicious and would have been flagged as risky and anomalous by behavioral analytics.”
