In 2022, Kaspersky blocked 507 million user attempts to follow malicious phishing links. In testing carried out among employees in the Middle East, Turkey, and Africa region, employees most often fell victim to scam emails posing as corporate announcements about the dress code, account blocking notices, and fake recruiting announcements. These are the results obtained in 2021-2022 from the phishing simulator built into the Kaspersky Automated Security Awareness Platform.
Analysis of the results of employee cybersecurity training and tests found that employees from the Middle East and Africa were more likely to fall victim to phishing than those from other regions – Europe and North and South America. 14.7% of employees from the Middle East and 11% of employees from Africa failed the phishing test. The APAC region was even further behind – here 15.6% of trainees failed the phishing test.
Over 2021-2022 in the Middle East, Turkey, and Africa region, the most popular topics for personnel cybersecurity training were safe email usage and how to set secure passwords. These trainings were selected by over 70% of employees who passed the training. Other popular training topics included mobile device security, social media account security, and endpoint workstation protection. The course on data confidentiality was the least popular one.
“While the world of tech is advancing rapidly, people’s skillset often lags. As it turns out, the majority of employees globally need basic cybersecurity training. In our recent testing, which was carried out using the Kaspersky Gamified Assessment tool, just 11% of 3,907 employees proved to have a high level of cybersecurity awareness. The so-called ‘human firewall’ is often the weakest link in the cyber protection of an organization,” says Svetlana Kalashnikova, Product Manager for Services & Education at Kaspersky. “Companies should invest not only in traditional cybersecurity solutions that can be installed on corporate systems but also in employee training. And before one can get trained, his cyber skillset should be assessed. The Gamified Assessment Tool is included in the ‘engagement phase’ of the Kaspersky Security Awareness Portfolio. It precedes the training stage in the Kaspersky Automated Security Awareness Platform, allowing employees to get a clearer motivation for learning and helping organizations find out which educational program best fits their workers’ specific needs.”
To avoid scams, keep personal and corporate data private, and save funds, Kaspersky experts recommend:
- Check any link before clicking. Hover over it to preview the URL and look for misspellings or other irregularities. Double-check the spelling of the company name. It’s also good practice to only enter a username and password over a secure connection. Look for the HTTPS prefix at the start of the site URL, which indicates that the connection to the site is encrypted; on its own it does not show that the site is genuine, so check the domain name as well.
- Organizations should conduct regular cyber skill check-ups among employees and offer competent training. Kaspersky Security Awareness portfolio offers flexible ways to train staff and is easily customizable and scalable to meet the needs of any company size.
- Use a trusted security solution that can help you check the security of the URL that you’re visiting and also provides the ability to open any site in a protected container to prevent theft of sensitive data, including financial details. Use a reliable security solution, such as Kaspersky Premium, that identifies malicious attachments and blocks phishing sites. Thanks to access to international threat intelligence sources, these solutions are capable of spotting and blocking spam and phishing campaigns.