Hoxhunt, a security behavior change company, released its latest research focusing on employee resilience in critical infrastructure, showing increased levels of engagement in identifying and reporting phishing attacks.
with title Human Cyber Risk Report: Critical Infrastructure, documents Examines human risk factors in the critical infrastructure sector, analyzing data from over 15 million simulated phishing and real-world email attacks reported in 2022 by 1.6 million participants in security behavior change programs doing.
Nearly two-thirds of critical infrastructure employees detected and reported at least one real-world malicious email attack within a year of participating in a security behavioral training program.
Read more about similar attacks: Microsoft Warns of Increase in Business Email Compromise Attacks
The study also found that critical infrastructure employees exhibited 20% higher threat detection behavior than the industry average. Their organization reached its peak threat detection rate in his 10-month period, above the 12-month average seen in most other sectors.
“A behavior-based approach to phishing emails is superior to traditional security courses because it sets you up to recognize attacks,” explained Krishna Vishnubotra, Vice President of Product Strategy at the company. cymperium.
“Especially when it’s adaptive learning generated by artificial intelligence, it’s become natural to report it.”
In terms of phishing simulation success rates, critical infrastructure employees had a 61% higher success rate than the global average after 12 months of training.
“Over the past few years, attacks on critical infrastructure have become too frequent, emptying fuel pumps and store shelves,” commented CEO and co-founder Mika Aalto. Hoxhunt.
“In response, critical infrastructure organizations and their employees have become significantly more aware and vigilant against malicious activity.”
Despite strong performance in most areas, the study also revealed vulnerabilities in critical infrastructure areas. Employees in this space are susceptible to spoofed internal communications, and the failure rate of such attacks is 11.4% higher than the global average.
“The nature of threats targeting critical infrastructure is likely to continue to evolve as technology advances,” warns Craig Jones, vice president of security operations. Continue.
“Furthermore, as the value of data increases, more targeted ransomware attacks are likely, especially aimed at extracting or encrypting valuable or sensitive information.”
Some guidelines to help your organization defend against ransomware are available at: This analysis Security writer Sigraf Aijaz published on June 9, 2023.
