We conducted a post phishing-test survey with a client and found that people held some intriguing perceptions…
Phishing test-and-train solutions have their limitations, and they should definitely not be viewed as the only option available for providing guidance on phishing. However, we recognise that they are a useful part of the security awareness armoury – and have found phishing tests to be useful to provide a point-in-time view of the susceptibility of the organisations we work with to malicious emails.
Following a recent phishing test conducted with a client, we ran a survey to gauge organisational attitudes to the problem. This uncovered a range of insights which we’ve been able to feed into our technology. But there was one result which stood out in particular – people’s assessment of how informed they are.
The table below summarises the responses from our question asking people how well informed they felt they were about phishing. The first row are the results for people who did not click the link in our test. The second row are for people who clicked the link and entered their password into a test web page.
|Fully informed||Well Informed||Somewhat informed||Not informed|
|Did not click||18%||42%||38%||2%|
We found it striking that the results from these two groups are virtually identical: those who had, in effect, “failed” the test felt they knew as much about phishing as those who “passed” the test. How might we interpret that outcome? Here are a few ideas…
Whilst this survey cannot be considered conclusive evidence – our methodology and sample size undoubtedly fell some way short of Office of National Statistics standards for robustness – it is interesting to speculate as to the cause of these results. The truth probably lies in some combination of the above factors.
As a final point, it is concerning, given the criticality of the problem from a security perspective, that 40% of people felt only “somewhat” or “not” informed about phishing. But that is why the organisation in question are working with us to use our Redflags™ product to provide effective security awareness!
Survey image copyright andreypopov / 123RF Stock Photo