One Article Review

Source ProofPoint
Identifier 8484715
Publication date 2024-04-18 06:00:36 (seen: 2024-04-18 13:07:25)
Title FAQs from the 2024 State of the Phish Report, Part 2: User Behaviors and Attitudes Toward Security
Text Welcome to the second installment of our two-part blog series where we answer the most frequently asked questions about the 2024 State of the Phish Report. In our previous article, we answered questions related to the threat landscape findings. Here, we answer questions related to user behaviors and attitudes, as well as how to grow your security awareness program.

One of the most interesting findings that came out of the 2024 State of the Phish report was the fact that 71% of users admitted to engaging in a risky action and 96% of those users understood the risk. This suggests that people are not acting out of ignorance. Despite knowing that their actions could compromise themselves or their organization, people chose to proceed anyway. This information is crucial for the growth of any security awareness program. It enables organizations to tailor their efforts. By observing and analyzing how users interact with security policies, organizations can identify knowledge gaps and areas of resistance. When you engage users in this manner, you not only educate them but also transform them into active participants in protecting your organization.

96% of users who took a risky action knew that it was risky. (Source: 2024 State of the Phish from Proofpoint.)

Our findings inspired hundreds of questions from audiences across the world. What follows are some of the questions that repeatedly came up.

Frequently asked questions

What are some ways to get users to care about security and get engaged?

Two-way communication is key. Take a moment to explain to your employees why you're running a behavior change program, what the expectations are and what projected outcomes you foresee. Make it personal. Let people know that cybersecurity isn't just a work skill but a portable skill they can take home to help themselves and their families be safer in life.

Keep your employees up to speed on what's happening in the current threat landscape. For example:

What types of threats does your business see?
Which departments are under attack?
How does the security team handle these incidents?
What can people do to defend against emerging threats that target them?

Research for the 2024 State of the Phish report found that 87% of end users are more motivated to prioritize security when they see increased engagement from leadership or the security team.

In short: You need to open up the lines of communication, listen to your employees and incorporate their feedback, and establish a security champion network to help facilitate communication more effectively.

Any ideas on why the click rate for phishing simulations went up for many industries this year?

There may be a few possible reasons. For starters, there has been an increase in the number of phishing tests sent. Our customers sent out a total of 183 million simulated phishing tests over a 12-month period, up from 135 million in the previous 12-month period. This 36% increase suggests that our customers may have either tested their users more frequently or tested more users in general. Also, some users might be new to these tests, resulting in a higher click rate.

Regardless, if you are conducting a phishing campaign throughout the year, the click rates of phishing tests are expected to go up and down because you want to challenge your employees with new attack tactics they have not seen. Otherwise, the perception would be, “Oh, this is the face of a phish,” if you keep phishing your users with the same test.

At Proofpoint, we use machine learning-driven leveled phishing to provide a more reliable way to accurately assess user vulnerability. This unique feature allows security teams to examine the predictability of a phishing template and obtain more consistent outcomes while improving users' resilience against human-activated threats.

People need to understand how attackers exploit human vulnerability. Phishing tests should reflect reality and be informed by real-world threats. They are designed to help people spot and re
Sent Yes
Tags Tool Vulnerability Threat
Stories
Notes ★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.