www.proofpoint.com
Open in
urlscan Pro
2a02:e980:107::cf
Public Scan
URL:
https://www.proofpoint.com/us/blog/security-awareness-training/faqs-2024-state-phish-report-part-2-user-behaviors-and-attit...
Submission: On April 23 via manual from GB — Scanned from GB
Submission: On April 23 via manual from GB — Scanned from GB
Form analysis 3 forms found in the DOM
/us
<form action="/us" data-region="us" data-language="en">
<input type="text" name="search_block_form" placeholder="Search">
<input type="submit">
</form><form id="mktoForm_19277" data-mkto-id="19277" data-mkto-base="//app-abj.marketo.com" data-munchkin-id="309-RHV-619" data-submit-text="" data-redirect-link="" data-prefill="" data-event-label="" data-lang-code="us" data-validate-email="1"
class="mk-form__form marketo-form-block__form mktoForm mktoHasWidth mktoLayoutLeft js-visible mkto-form-processed" data-asset-type="Blogs Subscribe" novalidate="novalidate"
style="font-family: inherit; font-size: 16px; color: rgb(51, 51, 51); width: 1601px;">
<style type="text/css"></style>
<div class="mktoFormRow">
<div class="mktoFieldDescriptor mktoFormCol" style="margin-bottom: 5px;">
<div class="mktoOffset" style="width: 5px;"></div>
<div class="mktoFieldWrap mktoRequiredField"><label for="Email" id="LblEmail" class="mktoLabel mktoHasWidth" style="width: 150px;">
<div class="mktoAsterix">*</div>Business Email:
</label>
<div class="mktoGutter mktoHasWidth" style="width: 5px;"></div><input id="Email" name="Email" placeholder="Business Email *" maxlength="255" aria-labelledby="LblEmail InstructEmail" type="email"
class="mktoField mktoEmailField mktoHasWidth mktoRequired" aria-required="true" style="width: 200px;"><span id="InstructEmail" tabindex="-1" class="mktoInstruction"></span>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="blogInterest" class="mktoField mktoFieldDescriptor mktoFormCol" value="All Blog Posts" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="Employees_Picklist__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="State" class="mktoField mktoFieldDescriptor mktoFormCol" value="State/Province" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="Most_Recent_Medium__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="Website" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="Most_Recent_Medium_Detail__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="www-pfpt" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="Industry" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="Website" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="AnnualRevenue" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="demandbasesid" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="demandBase_Data_Source" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="Primary_Product_Interest__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="UTM_Post_ID__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="utmcampaign" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="utmterm" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="db_employee_count" class="mktoField mktoFieldDescriptor mktoFormCol" value="" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="Unsubscribed" class="mktoField mktoFieldDescriptor mktoFormCol" value="0" placeholder="" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoButtonRow"><span class="mktoButtonWrap mktoNative" style="margin-left: 110px;"><button type="submit" class="mktoButton">Submit</button></span></div><input type="hidden" name="formid" class="mktoField mktoFieldDescriptor"
value="19277" placeholder=""><input type="hidden" name="munchkinId" class="mktoField mktoFieldDescriptor" value="309-RHV-619" placeholder=""><input type="hidden" name="Website_Conversion_URL__c" class="mktoField mktoFieldDescriptor"
value="https://www.proofpoint.com/us/blog/security-awareness-training/faqs-2024-state-phish-report-part-2-user-behaviors-and-attitudes"><input type="hidden" name="gAClientID" class="mktoField mktoFieldDescriptor" value="382643075.1713883719">
</form><form data-mkto-id="19277" data-mkto-base="//app-abj.marketo.com" data-munchkin-id="309-RHV-619" data-submit-text="" data-redirect-link="" data-prefill="" data-event-label="" data-lang-code="us" data-validate-email="1"
class="mk-form__form marketo-form-block__form mktoForm mktoHasWidth mktoLayoutLeft" data-asset-type="Blogs Subscribe" novalidate="novalidate"
style="font-family: inherit; font-size: 16px; color: rgb(51, 51, 51); visibility: hidden; position: absolute; top: -500px; left: -1000px; width: 1600px;"></form>Text Content
Skip to main content Products Solutions Partners Resources Company ContactLanguages Support Log-in Digital Risk Portal Email Fraud Defense ET Intelligence Proofpoint Essentials Sendmail Support Log-in Main Menu Threat Protection Stop inbound email threats and drive security awareness. Impersonation Protection Authenticate email and identify risky suppliers. Identity Protection Protect identities in hybrid enterprises from account takeover. Information Protection Defend data and manage insider threat. Premium Services Leverage proactive expertise, operational continuity and deeper insights from our skilled experts. Solutions by Topic Combat Email and Cloud Threats Protect your people from email and cloud threats with an intelligent and holistic approach. Change User Behavior Help your employees identify, resist and report attacks before the damage is done. Combat Data Loss and Insider Risk Prevent data loss via negligent, compromised and malicious insiders by correlating content, behavior and threats. Modernize Compliance and Archiving Manage risk and data retention needs with a modern compliance and archiving solution. Protect Cloud Apps Keep your people and their cloud apps secure by eliminating threats, avoiding data loss and mitigating compliance risk. Prevent Loss from Ransomware Learn about this growing threat and stop attacks by securing today’s top ransomware vector: email. Secure Microsoft 365 Implement the very best security and compliance solution for your Microsoft 365 collaboration suite. Defend Your Remote Workforce with Cloud Edge Secure access to corporate resources and ensure business continuity for your remote workers. Authenticate Your Email Protect your email deliverability with DMARC. Why Proofpoint Today’s cyber attacks target people. Learn about our unique people-centric approach to protection. Solutions by Industry Federal Government State and Local Government Higher Education Financial Services Healthcare Mobile Operators Internet Service Providers Small and Medium Businesses Partner Programs Channel Partners Become a channel partner. Deliver Proofpoint solutions to your customers and grow your business. Archive Extraction Partners Learn about Proofpoint Extraction Partners. Global System Integrator (GSI) and Managed Service Provider (MSP) Partners Learn about our global consulting and services partners that deliver fully managed and integrated solutions. Technology and Alliance Partners Learn about our relationships with industry-leading firms to help protect your people, data and brand. Social Media Protection Partners Learn about the technology and alliance partners in our Social Media Protection Partner program. Proofpoint Essentials Partner Programs Small Business Solutions for channel partners and MSPs. Partner Tools Become a Channel Partner Channel Partner Portal Resource Library Find the information you're looking for in our library of videos, data sheets, white papers and more. Blog Keep up with the latest news and happenings in the ever‑evolving cybersecurity landscape. Podcasts Learn about the human side of cybersecurity. Episodes feature insights from experts and executives. New Perimeters Magazine Get the latest cybersecurity insights in your hands – featuring valuable knowledge from our own industry experts. Threat Glossary Learn about the latest security threats and how to protect your people, data, and brand. Events Connect with us at events to learn how to protect your people and data from ever‑evolving threats. Customer Stories Read how Proofpoint customers around the globe solve their most pressing cybersecurity challenges. Webinars Browse our webinar library to learn about the latest threats, trends and issues in cybersecurity. Security Hubs Get free research and resources to help you protect against threats, build a security culture, and stop ransomware in its tracks. Threat Hub CISO Hub Cybersecurity Awareness Hub Ransomware Hub Insider Threat Management Hub About Proofpoint Proofpoint is a leading cybersecurity company that protects organizations' greatest assets and biggest risks: their people. Why Proofpoint Today’s cyber attacks target people. Learn about our unique people-centric approach to protection. Careers Stand out and make a difference at one of the world's leading cybersecurity companies. News Center Read the latest press releases, news stories and media highlights about Proofpoint. Privacy and Trust Learn about how we handle data and make commitments to privacy and other regulations. Environmental, Social, and Governance Learn about our people-centric principles and how we implement them to positively impact our global community. Support Access the full range of Proofpoint support services. Learn More English (Americas) English (Europe, Middle East, Africa) English (Asia-Pacific) Español Deutsch Français Italiano Português 日本語 한국어 Products Products Solutions Partners Resources Company English (Americas) English (Europe, Middle East, Africa) English (Asia-Pacific) Español Deutsch Français Italiano Português 日本語 한국어 Login Support Log-in Digital Risk Portal Email Fraud Defense ET Intelligence Proofpoint Essentials Sendmail Support Log-in Contact Threat Protection Stop inbound email threats and drive security awareness. Impersonation Protection Authenticate email and identify risky suppliers. Identity Protection Protect identities in hybrid enterprises from account takeover. Information Protection Defend data and manage insider threat. Premium Services Leverage proactive expertise, operational continuity and deeper insights from our skilled experts. Protect People and Defend Data with Proofpoint Cybersecurity Packages Human-centric cybersecurity packages from Proofpoint. Complete protection against today's risks—tailored to your organization's unique needs. Maximize security. Optimize value. Learn more Solutions by Topic Combat Email and Cloud Threats Protect your people from email and cloud threats with an intelligent and holistic approach. Change User Behavior Help your employees identify, resist and report attacks before the damage is done. Combat Data Loss and Insider Risk Prevent data loss via negligent, compromised and malicious insiders by correlating content, behavior and threats. Modernize Compliance and Archiving Manage risk and data retention needs with a modern compliance and archiving solution. Protect Cloud Apps Keep your people and their cloud apps secure by eliminating threats, avoiding data loss and mitigating compliance risk. Prevent Loss from Ransomware Learn about this growing threat and stop attacks by securing today’s top ransomware vector: email. Secure Microsoft 365 Implement the very best security and compliance solution for your Microsoft 365 collaboration suite. Defend Your Remote Workforce with Cloud Edge Secure access to corporate resources and ensure business continuity for your remote workers. Authenticate Your Email Protect your email deliverability with DMARC. Why Proofpoint Today’s cyber attacks target people. Learn about our unique people-centric approach to protection. Solutions by Industry Federal Government State and Local Government Higher Education Financial Services Healthcare Mobile Operators Internet Service Providers Small and Medium Businesses Partner Programs Channel Partners Become a channel partner. Deliver Proofpoint solutions to your customers and grow your business. Archive Extraction Partners Learn about Proofpoint Extraction Partners. Global System Integrator (GSI) and Managed Service Provider (MSP) Partners Learn about our global consulting and services partners that deliver fully managed and integrated solutions. Technology and Alliance Partners Learn about our relationships with industry-leading firms to help protect your people, data and brand. Social Media Protection Partners Learn about the technology and alliance partners in our Social Media Protection Partner program. Proofpoint Essentials Partner Programs Small Business Solutions for channel partners and MSPs. Partner Tools Become a Channel Partner Channel Partner Portal Resource Library Find the information you're looking for in our library of videos, data sheets, white papers and more. Blog Keep up with the latest news and happenings in the ever‑evolving cybersecurity landscape. Podcasts Learn about the human side of cybersecurity. Episodes feature insights from experts and executives. New Perimeters Magazine Get the latest cybersecurity insights in your hands – featuring valuable knowledge from our own industry experts. Threat Glossary Learn about the latest security threats and how to protect your people, data, and brand. Events Connect with us at events to learn how to protect your people and data from ever‑evolving threats. Customer Stories Read how Proofpoint customers around the globe solve their most pressing cybersecurity challenges. Webinars Browse our webinar library to learn about the latest threats, trends and issues in cybersecurity. Security Hubs Get free research and resources to help you protect against threats, build a security culture, and stop ransomware in its tracks. Threat Hub CISO Hub Cybersecurity Awareness Hub Ransomware Hub Insider Threat Management Hub About Proofpoint Proofpoint is a leading cybersecurity company that protects organizations' greatest assets and biggest risks: their people. Why Proofpoint Today’s cyber attacks target people. Learn about our unique people-centric approach to protection. Careers Stand out and make a difference at one of the world's leading cybersecurity companies. News Center Read the latest press releases, news stories and media highlights about Proofpoint. Privacy and Trust Learn about how we handle data and make commitments to privacy and other regulations. Environmental, Social, and Governance Learn about our people-centric principles and how we implement them to positively impact our global community. Support Access the full range of Proofpoint support services. Learn More Blog Security Awareness Training FAQs from the 2024 State of the Phish Report, Part 2: User Behaviors and Attitudes Toward Security FAQS FROM THE 2024 STATE OF THE PHISH REPORT, PART 2: USER BEHAVIORS AND ATTITUDES TOWARD SECURITY Share with your network! April 18, 2024 Sara Pan Welcome to the second installment of our two-part blog series where we answer the most frequently asked questions about the 2024 State of the Phish Report. In our previous article, we answered questions related to the threat landscape findings. Here, we answer questions related to user behaviors and attitudes, as well as how to grow your security awareness program. One of the most interesting findings that came out of the 2024 State of the Phish report was the fact that 71% of users admitted to engaging in a risky action and 96% of those users understood the risk. This suggests that people are not acting out of ignorance. Despite knowing that their actions could compromise themselves or their organization, people chose to proceed anyway. This information is crucial for the growth of any security awareness program. It enables organizations to tailor their efforts. By observing and analyzing how users interact with security policies, organizations can identify knowledge gaps and areas of resistance. When you engage users in this manner, you not only educate them but also transform them into active participants in protecting your organization. 96% of users who took a risky action knew that it was risky. (Source: 2024 State of the Phish from Proofpoint.) Our findings inspired hundreds of questions from audiences across the world. What follows are some of the questions that repeatedly came up. FREQUENTLY ASKED QUESTIONS WHAT ARE SOME WAYS TO GET USERS TO CARE ABOUT SECURITY AND GET ENGAGED? Two-way communication is key. Take a moment to explain to your employees why you’re running a behavior change program, what the expectations are and what projected outcomes you foresee. Make it personal. Let people know that cybersecurity isn’t just a work skill but a portable skill they can take home to help themselves and their families be safer in life. Keep your employees up to speed on what’s happening in the current threat landscape. For example: * What types of threats does your business see? * Which departments are under attack? * How does the security team handle these incidents? * What can people do to defend against emerging threats that target them? Research for the 2024 State of the Phish report found that 87% of end users are more motivated to prioritize security when they see increased engagement from leadership or the security team. In short: You need to open up the lines of communication, listen to your employees and incorporate their feedback, and establish a security champion network to help facilitate communication more effectively. ANY IDEAS ON WHY THE CLICK RATE FOR PHISHING SIMULATIONS WENT UP FOR MANY INDUSTRIES THIS YEAR? There may be a few possible reasons. For starters, there has been an increase in the number of phishing tests sent. Our customers sent out a total of 183 million simulated phishing tests over a 12-month period, up from 135 million in the previous 12-month period. This 36% increase suggests that our customers may have either tested their users more frequently or tested more users in general. Also, some users might be new to these tests, resulting in a higher click rate. Regardless, if you are conducting a phishing campaign throughout the year, the click rates of phishing tests are expected to go up and down because you want to challenge your employees with new attack tactics they have not seen. Otherwise, the perception would be, “Oh, this is the face of a phish,” if you keep phishing your users with the same test. At Proofpoint, we use machine learning-driven leveled phishing to provide a more reliable way to accurately assess user vulnerability. This unique feature allows security teams to examine the predictability of a phishing template and obtain more consistent outcomes while improving users’ resilience against human-activated threats. People need to understand how attackers exploit human vulnerability. Phishing tests should reflect reality and be informed by real-world threats. They are designed to help people spot and report a phish in real life and to help security teams accurately identify vulnerable users who need additional help. However, it is crucial to keep in mind that the click rate of phishing tests alone does not and should not represent the impact or success of your program. WE HAVE FOUND USERS SPREADING THE WORD THAT PHISHING SIMULATIONS ARE UNDERWAY, WHICH REDUCES THE EFFECTIVENESS OF THESE TESTS. WHAT IS THE BEST WAY TO ADDRESS THIS ISSUE? Here again, the best approach is to communicate with your employees. Let them know why it is important that they refrain from alerting others to phishing tests, even if they think they are helping them. What you do need is for them to help you maintain the integrity of the tests so that people can learn to identify an actual phish. Together, you can help improve your organization’s security posture. One thing worth mentioning is that if your organization is operating under the umbrella of a negative consequence model, such as a job termination or bonus reduction, it could be more difficult for you to stop tipping from happening. People want to save their friends, even if they can’t save themselves. HOW OFTEN DO YOU RECOMMEND RUNNING PHISHING SIMULATIONS? We recommend running phishing simulations every four to six weeks. However, you should find the right cadence for your organization by gauging internal buy-ins and other variables. The point is that you don’t have to phish your entire user base every time. If you try to stay on the four to six-week cadence, you can at least reach everybody a few times throughout the year. HOW CAN LEADERSHIP BE CONVINCED THAT A SECURITY AWARENESS PROGRAM NEEDS TO BE MADE AVAILABLE FOR EVERYONE, INCLUDING CONTRACTORS? Every employee can impact a company’s security posture, positively or negatively. Contractors are often brought in for specialized purposes, and they end up having access to critical data or systems. They are not given a corporate email account and use their own personal devices, meaning the data handled by contractors is not protected by the same level of security controls as the rest of the company. In the 2024 Data Loss Landscape report from Proofpoint, 23.4% of surveyed respondents said that they think contractors pose the greatest risk for data loss incidents. If contractors lack foundational security knowledge—security hygiene, data management and email management principles—they could pose a significant risk to an organization. 23.4% of surveyed respondents said contractors pose the greatest risk for potential data loss incidents for their organizations. (Source: Proofpoint 2024 State of the Phish report.) WHAT ADVICE DO YOU HAVE FOR TRAINING EXECUTIVES AND OTHER HIGHLY TARGETED USERS? Executives are busy. They often believe that they know cybersecurity well and don’t need the same training as average users. This may be true. Therefore, you need to choose the right topics and the right information when you try to engage executives. For example, executives travel a lot. When they travel, where do they have conversations? Perhaps at hotels, restaurants, meeting rooms or coffee shops. Who are in those areas? You want to remind executives how easy it is for someone to target them and their families. Ask them to be careful of what they share with their friends and family online. Tailor communications and training to them. For highly targeted users, show them how they are being targeted. For instance, show people in the human resources department how they are targeted by payroll redirect scams, and show people in finance how many threats are seen that involve fake invoices. Make the connection between the threat landscape and the individual’s role. By making information about potential threats relevant to your audience, you will be more likely to get their attention. WHY IS PUNISHMENT FOR RISKY BEHAVIOR NOT RECOMMENDED? Punishment does not drive sustainable behavior change. It might halt unwanted behavior in the short term, but it creates a bigger risk for the organization in the long run. When organizations punish employees for failing phishing tests by firing them, holding back their bonuses or cutting their paychecks, the FUD (fear, uncertainty and doubt) situation creates a low-trust atmosphere. People don’t believe they can go to the security team if they have questions. Instead, people will try to hide their mistakes or handle them on their own to avoid any trouble. As Florian Herold, an assistant professor of managerial economics and decision sciences at the Kellogg School of Management, said, “It’s much easier to change an established behavior by offering rewards, rather than threatening with punishments.” As a security pro, your goal is to help end users build sustainable security habits that can protect them and the business. You want to help people reflect on how they feel about the impact of their behaviors and choices, so they can take responsibility for their actions. However, a punitive approach to security awareness only makes people fear security—and feel bad about themselves. They lose an opportunity to learn a life skill that would benefit them. And you lose an opportunity to build trust with your employees and build a strong line of defense. HOW DO YOU REWARD EMPLOYEES WHEN YOU HAVE A LIMITED BUDGET? You can reward people without monetary incentives. Here are a few examples that we have learned from security awareness practitioners: * Emails to managers and teams citing strong team security performance * Badges awarded or other recognition given during all-hands meetings to people who have helped secure the organization * Lunch with executives * Gamification—using a leaderboard game to get people engaged * A thank-you note from the chief information security officer (CISO) HOW DO YOU SUGGEST TRAINING USERS FOR PHISHING AWARENESS GIVEN THAT GENERATIVE AI HAS MADE IT MORE DIFFICULT TO DETECT? Generative AI has benefited threat actors by helping them overcome language and cultural barriers in phishing and BEC attacks. While AI can correct grammatical errors and misspellings in the email body, several hooks will likely be present in an AI-generated phish. They include: * A sense of urgency * Requests for sensitive or personal information * Emotional appeal, such as fear, anger, excitement and even sympathy (we see that a lot in charity scams) * A mismatch between the sender display name and the sender email address or URL destination * Lookalike domains Attackers can use generative AI to craft more convincing lures with no grammatical errors or typos, but the “red flags” listed above still hold true. And end users empowered with the right knowledge and tools will be able to pick them up. LEARN MORE Want to learn more about why users engage in risky behaviors and how to help them make security a priority? Download our 2024 State of the Phish report. Proofpoint is focused on helping organizations drive behavior change and building a positive security culture. Check out our Security Awareness solution brief to learn more. Previous Blog Post Subscribe to the Proofpoint Blog * Business Email: Submit About * Overview * Why Proofpoint * Careers * Leadership Team * News Center * Nexus Platform * Privacy and Trust Threat Center * Threat Hub * Cybersecurity Awareness Hub * Ransomware Hub * Threat Glossary * Threat Blog Products * Email Security & Protection * Advanced Threat Protection * Security Awareness Training * Cloud Security * Archive & Compliance * Information Protection * Product Bundles Resources * White Papers * Webinars * Data Sheets * Events * Customer Stories * Blog * Free Trial Connect * +1-408-517-4710 * Contact Us * Office Locations * Request a Demo Support * Support Login * Support Services * IP Address Blocked? * Facebook * Twitter * linkedin * Youtube * English (US) * English (UK) * English (AU) * Español * Deutsch * Français * Italiano * Português * 日本語 * 한국어 © 2024. All rights reserved. Terms and conditions Privacy Policy Sitemap