Hoxhunt has released its Human Cyber-Risk Report: Critical Infrastructure, with a key finding that 66% of critical infrastructure employees have correctly reported at least one malicious phishing attempt. Hoxhunt’s researchers state that this statistic is 20% higher than the averages for other industries they’ve done phishing studies for.
This report breaks things down further by analyzing phishing statistics within an organization. Hoxhunt finds that spoofed internal organizational communications are the most effective type of phishing attack and critical infrastructure organizations have an 11.4% higher failure rate to these types of attacks. This suggests members should consider emphasizing the topic of impersonation attacks of internal staff during employee awareness training. The report did find that phishing training produced real-life behavior change and critical infrastructure employees participate at higher rates than other sectors. On a departmental level, marketing and communications were found to have the highest phishing failure rates. Read more at Dark Reading.