Michael Hill Acting Editor, Infosecurity Magazine
Phishing scams are a threat to all industries, but none as much as the construction sector – well, that’s according to new research from KnowBe4 anyway.
The firm’s recent Phishing by Industry report assessed businesses of varying sizes across 19 different sectors, breaking them down into three categories: small (up to 250 workers), medium (250-999) and large (1000+).
Those in the construction industry have the highest percentage of ‘phish-prone’ employees in both the small and medium-sized business categories, ranking at 38% and 37% respectively. The construction industry ranked second among the large company subset with 37%, topped only by the hospitality industry, which scored 48%. To determine that baseline of phishing risk, KnowBe4 administered a test to organizations that had not conducted any security awareness training. Users were not pre-warned about the test by staff and were going about their regular job duties.
However, KnowBe4 discovered that, after a period of training, it was possible to reduce phishing risk and make workers less likely to fall for a scam. After 90 days of combined computer-based training and simulated phishing security testing, the phishing-prone percentage score within the construction industry dropped to 16.8% (small companies), 19.7% (medium) and 15% (large), highlighting the effectiveness of staff phishing training.
After a further 12 months of such training, the scores dropped even further to 1.8%, 3.1% and 7.9%, respectively.
Craig Cooper, COO of Gurucul, said: “This report goes to show how far we still have to go before we can eradicate phishing threats.
“It’s often said that humans are the weakest link in the security chain. People are susceptible to phishing because these attacks exploit basic human nature, like curiosity and pride. Organizations would be wise to ensure that their users know about the potential dangers of clicking links and opening attachments in emails.”