
Employees in ANZ organisations need to play catch-up against regional colleagues by improving their vigilance in identifying malicious links and other forms of phishing, according to one phishing platform provider.
“Without security training, across all industries, one in three (34.4%) employees in ANZ are likely to click on a suspicious link or comply with a fraudulent request”, according to KnowBe4.
The report measures an organisation’s Phish-prone™ Percentage (PPP), which indicates how many of their employees are likely to fall for phishing or social engineering scams - and shows that ANZ leads North America, South America and Africa, but trails the UK, Europe and Asia at large, which is now the global leader at 28.4%.
KnowBe4 notes that it analysed over 54 million simulated phishing tests across more than 11.9 million users from 55,675 organisations in 211 countries, and the resulting baseline PPP measures the percentage of employees in organisations that had not conducted any KnowBe4 security training, who clicked a simulated phishing email link or opened an infected attachment during testing.
“The findings in the report clearly demonstrate the effectiveness of combining simulated phishing security tests with security awareness training. ANZ organisations that engaged in consistent training and testing experienced a substantial decrease in their average PPP from 34.4% to 19.1% within the first 90 days, and a further reduction to 5.5% after a year of continuous training and testing.”
Some interesting facts highlighted and discussed in the report include:
- Cyber risk is the primary concern for businesses in APAC, with malware, ransomware, and social engineering attacks being the most common attack strategies.
- Cybersecurity breaches are having a profound impact on businesses in Oceania. Preparedness levels among individuals and enterprises may be lower, exacerbating vulnerability to cyber threats.
- The shortage of trained cybersecurity professionals. This talent gap places additional pressure on existing employees and increases the risk of inadequate threat mitigation, potentially compounding the consequences of cyber incidents.
- Interest in security culture within the region has progressively gained momentum. With a growing recognition by IT to foster change management and mobilise employees, this positive trend underscores significant progress in security culture across ANZ.
- Following recent developments in government regulations, there has been a notable shift toward the adoption of more secure practices among organisations.
- Organisations in the region are concerned with AI as an emerging threat vector. While AI can exert a beneficial influence across society, its swift introduction has precipitated the advent of deepfakes in imagery, audio and video, further complicating the detection of traditional social engineering threats.
According to KnowBe4, large organisations show the greatest improvement: the most notable improvement in ANZ was observed within large organisations, where the initial PPP at Phase 1 of 40.3% was substantially reduced to 4.7% in Phase 3, an 88.28% improvement - and “this significant favourable movement serves as a testament to the efficacy of robust and continuous security awareness training, along with rigorous testing protocol, in strengthening cyber defences.
“The considerable overall improvement in PPP over three and 12 months is evidence that transforming cybersecurity culture requires breaking existing habits to make way for more secure ones. As employees adopt new behaviours and these become habitual, they evolve into standard practices that shape organisational culture, creating a workforce that instinctively prioritises security.
“With the Asia-Pacific region experiencing a significant surge in cyberattacks compared to its global counterparts, this report reinforces the crucial role the human element plays in cybersecurity.
“Although technology is important for preventing and recovering from cyberattacks, human error is still a big contributing factor to data breaches. Although it’s encouraging to see ANZ phishing results showed an improvement from last year, AI-driven threats will increase so it’s imperative that organisations continue to strengthen the human firewall with regular and focussed security awareness training,” said Dr Martin Kraemer, Security Awareness Advocate at KnowBe4.
KnowBe4 said this year’s report, the 2024 KnowBe4 Phishing by Industry Benchmarking Report, also examines phishing benchmarks from North America, South America, UK and Ireland, Europe, Africa, and Asia.