You’ve trained them. You’ve deployed simulated phishing tests. You’ve reminded your employees countless times with posters and games and emails about avoiding phishing scams. Still, they keep falling for the same ploys they’ve been warned about for years. It’s enough to drive security teams to madness.
According to Verizon’s 2016 Data Breach Investigation Report, 30 percent of phishing messages were opened by their intended target, and about 12 percent of recipients went on to click the malicious attachment or link that enabled the attack to succeed. A year earlier, only 23 percent of users opened the email, which suggests that employees are getting worse at identifying phishing emails — or the bad guys are finding more creative ways to outsmart users.
