Going behind the scenes with Wombat Security gave SecureWorld the chance to ask key questions about the company’s 2018 “Beyond the Phish” report.
The first one was this: Why does the company that issues the “State of the Phish” report, an industry standard, issue a “Beyond” the Phish report as well?
Amy Baker, Vice President of Marketing at Wombat Security, says it's because the company has data that can help you secure your organization. And not just some data, but more than 85 million points of customer data.
You can imagine how a data set like that could lead to some great insights. So, the company is sharing it.
New trends from 'Beyond the Phish' report
Here’s a key trend: “In general, the end-user population only understands 75% to 80% of what they need to, at best," says Baker. "And that’s a user population that is when we look at end-users who are being trained.”
Research backs her up. Check out the left side of the chart below. This reveals the percentage of security awareness questions that are answered incorrectly by end-users.
There is more work to be done.
And Wombat's Chief Security Architect, Kurt Wescoe, says another trend the report helped surface is about where InfoSec leaders and teams should be focusing when it comes to security awareness.
“Where they need to be looking is less about phishing in general and more about how exactly am I being phished and then looking to train more deeply on specific ways their users are being targeted.”
[Listen for key takeaways and hidden lessons in “Beyond the Phish 2018"]
What is new in 2018 Beyond the Phish report
In this year’s report, Wescoe also says Wombat answered a big request from information security professionals. “Users had been asking for more and more: give me the results by industry, give me the breakdown of results by subject area. So we went deep with this one and showed how each industry is performing compared to others—as well as letting report readers see breakdowns by topic area.”
[Download: Access the complimentary “Beyond the Phish 2018” report.]
Report highlights also include robust data, more specifics, and new trends. But what about key takeaways from “Beyond the Phish?”
Positive trends in cybersecurity and security awareness
Baker says one trend Wombat Security is seeing is actually good news. InfoSec teams can always use more of that, right?
“Some companies are realizing that end users can be an asset instead of a disadvantage. And that’s a really great turn of events for the security industry overall.” It is a sign that the people-centric approach to cybersecurity works in tandem with the other network hardening you have done.
And Wescoe says he noticed something else relating to the threat landscape. You can truly help your employees evolve with an awareness program. “Don’t doubt the ability to introduce training on emerging threats within a year of that threat appearing.”
He points out that just over a year ago, most employees around the globe knew very little about ransomware. Now, in many industries that Wombat is working with, ransomware awareness is one of their strengths.
“You can bring their knowledge up quickly and have them be a defense area for you.”
And increasing security defense can help thwart the growing number of complicated attacks against organizations around the globe.
For more details, listen to our behind the scenes interview on Wombat Security's "Beyond the Phish" report, or download your copy.
