Click here to visit Original posting
- KnowBe4 surveyed employees around the world to gauge their confidence in spotting phishing
- Many confident people have also fallen victim in the past
- Education and transparency are key to combating phishing, researchers said
Despite being confident in their ability to spot phishing, many employees still fall for such scams, new research has claimed.
A report from KnowBe4 warns about “misplaced confidence” which can cause even more problems for businesses, showing almost all (86%) of respondents believe they can confidently identify phishing emails.
Yet more than half (53%) fell victim to some form of social engineering scams: 24% fell for a phishing attack, 17% were tricked by a social media scam, and 12% were tricked by a deepfake scam.
High confidence often leads to victimization
Employees in South Africa lead the way in both the highest confidence levels and highest scam victimization rate (68%), KnowBe4 explains, hinting that misplace confidence can create a false sense of security.
At the other end of the spectrum are UK employees, who reported the lowest scam victim rate (43%). However, this figure too is down 5% compared to 2021, indicating that vulnerability is rising even in regions with historically high confidence levels.
Training is paramount to combating phishing and social engineering, KnowBe4 says, adding that “fostering a transparent security culture” is equally important. While more than half (56%) of employees feel “very comfortable” reporting security concerns, 1 in 10 still hesitate, either out of fear, or uncertainty.
“The Dunning-Kruger effect, which is a cognitive bias where people overestimate their ability, is alive and well in cybersecurity,” commented Anna Collard, SVP Content Strategy & Evangelist at KnowBe4.
“This overconfidence fosters a dangerous blind spot - employees assume they are scam-savvy when, in reality, cybercriminals can exploit more than 30 susceptibility factors, including psychological and cognitive biases, situational awareness gaps, behavioral tendencies, and even demographic traits.”
You might also like
- A flaw in Google OAuth system is exposing millions of users via abandoned accounts
- We've rounded up the best password managers
- Take a look at our guide to the best authenticator app