It is rare to find a study that has tens of millions of data points. But Wombat Security's 2018 State of the Phish Report is one of those.
And based on what we hear from the InfoSec leaders we partner with at SecureWorld, this is the go to report to gauge the state of phishing in a given year. We wanted to find out why.
This is the first of two reports taking you behind the scenes on the 2018 State of the Phish, which includes an audio interview with those who know the study well.
Part 1, which you are reading now, takes a brief look at the history of the report (wait until you hear how it started) and the ways researchers go about getting so much data. Listen to our interview here:
One reason the State of the Phish is so well received each year is that it is both data rich and digestible at the same time.
According to Amy Baker, Vice President at Wombat, “We started by looking at aggregate customer data and their experiences with their simulated phishing attacks and how their audiences and employees were responding to those.”
“We really think it’s important to stay grounded in what awareness is from an end user perspective, of computer users. It’s like a digital man on the street survey. This looks at their basic knowledge of phishing.”
The combination of these things paints a powerfully clear picture of where the threat landscape is right now in 2018. You can find the 2018 State of the Phish report here. Or listen to the SecureWorld web conference on "What Your Peers are Doing to Reduce Successful Phishing Attacks.
Oh, there is one more surprising thing we learned during our interview: the State of the Phish actually came to Wombat Security through an acquisition. Of course it was much simpler at the time, but that provided the basis for what so many in InfoSec read each year.
Tomorrow we’ll have a really insightful interview with Wombat Security on the report—along with what they see as surprising trends, unusual discoveries, and key takeaways that are relevant to your security awareness program in 2018.