HR emails mislead employees the most – KnowBe4 study reveals
New research has found that the email topics most often clicked in phishing tests were those related to or from human resources, according to the latest "most clicked phishing tests" run by KnowBe4. In fact, half of those clicked had HR-related subject lines, including vacation policy updates, dress code changes, and upcoming performance reviews. The second most viewed category was emails sent by IT, which include password verification requests or actions that were needed immediately.
“We already know that more than 80% of corporate data breaches worldwide stem from human error,” said Stu Sjouwerman, CEO of KnowBe4. “New-school security awareness training for your staff is one of the least expensive and most effective methods of thwarting social engineering attacks. The training gives employees the ability to quickly recognize a suspicious email, even if it appears to be from an internal source, forcing them to stop before clicking. That moment when they stop and question email is a critical and often overlooked part of security culture that could significantly reduce your risk surface.”
KnowBe4 also reported that the number one attack threat in the last quarter, both in its phishing tests and in those seen in the wild, was phishing links in the body of the email. Once these malicious links are clicked in the real world, they often lead to dire consequences such as ransomware attacks or data breaches.
This research follows the recent KnowBe4 industry benchmarking report which found that one in three untrained employees will click on a phishing link. The worst performing sectors were energy and utilities, insurance and consulting, all labeled as most at risk for social engineering in the large business category. Stu added: “With the high cost of cyberattacks, this is deeply concerning. Given that most data breaches come from social engineering, we cannot afford to omit the human element. Implementing security awareness training with simulated phishing tests will help better protect organizations against cyberattacks and result in a more secure organizational culture.”