During testing carried out among employees in the Middle East, Turkiye and Africa region, employees most often fell victim to scam emails posing as corporate announcements about the dress code (20.2% clicked) or about account blocking (9.3% of trainees clicked the link), and to fake recruiting announcements (5.1% clicked). These results were obtained in 2021-2022 from the phishing simulator built into the Kaspersky Automated Security Awareness Platform (KASAP).
Analysis of the results of employee cybersecurity trainings and tests showed that employees from the Middle East and Africa were more likely to fall victim to phishing than those from other regions – Europe, North and South America. 14.7% of employees from the Middle East and 11% of employees from Africa failed the phishing test. The APAC region was even further behind – here 15.6% of trainees failed the phishing test.
Over 2021-2022 in the Middle East, Turkiye and Africa region, the most popular topics for personnel cybersecurity trainings were safe email usage (e.g., singling out suspicious links, figuring out what is a scam) and how to set secure passwords. These trainings were selected by over 70% of employees who passed the trainings. Other popular training topics included mobile device security, social media account security, and endpoint workstation protection. The course on data confidentiality was the least popular one.
“While the world of tech is advancing rapidly, people’s skillset often lags behind. As it turns out, the majority of employees globally need basic cybersecurity training. In our recent testing², which was carried out using Kaspersky Gamified Assessment tool, just 11% of 3,907 employees proved to have a high level of cybersecurity awareness. The so-called ‘human firewall’ is often the weakest link in the cyber protection of an organisation,” says Svetlana Kalashnikova, Product Manager for Services & Education at Kaspersky.
“Companies should invest not only in traditional cybersecurity solutions that can be installed on corporate systems, but also in employee training. And before one can get trained, his cyber skillset should be assessed. The Gamified Assessment Tool is included in the ‘engagement phase’ of Kaspersky Security Awareness Portfolio. It precedes the training stage in the Kaspersky Automated Security Awareness Platform, allowing employees to get a clearer motivation for learning and helping organisations find out which educational program best fits their workers’ specific needs.”
To avoid scams, keep personal and corporate data private and save funds, Kaspersky experts recommend:
- Check any link before clicking. Hover over it to preview the URL and look for misspellings or other irregularities. Double-check company name spellings. It’s also good practice to only enter a username and password over a secure connection. Look for the HTTPS prefix before the site URL, indicating the connection to the site is secure.
- Organisations should conduct regular cyber skill checkups among employees and offer competent training. Kaspersky Security Awareness portfolio offers flexible ways to train staff, is easily customisable and scalable to meet the needs of any company size.
- Use a trusted security solution that can help you check the security of the URL that you’re visiting and also provides the ability to open any site in a protected container to prevent theft of sensitive data, including financial details. Use a reliable security solution which identifies malicious attachments and blocks phishing sites. Thanks to access to international threat intelligence sources, these solutions are capable of spotting and blocking spam and phishing campaigns.
References:
¹https://securelist.com/spam-phishing-scam-report-2022/108692/