HR & IT-Related Phishing Emails Are Top-Clicked Among Phishing Email Types

A recent study found that phishing emails masquerading as HR and IT-related communications are the most likely to be clicked on by employees, posing a significant cybersecurity risk to organizations across various industries.

The 2024 Phishing by Industry Benchmarking Report, conducted by KnowBe4, analyzed data from over 54 million simulated phishing tests. These tests were performed across more than 11.9 million users from 55,675 organizations in 19 different industries.

In this report, researchers at KnowBe4 highlighted the ongoing vulnerability of employees to social engineering attacks, particularly those that mimic internal communications.

Top three riskiest industries by organization size (Source – KnowBe4)

High Initial Vulnerability: The study found that without proper training, organizations across all industries and sizes faced an average Phish-prone Percentage (PPP) of 34.3%. This means that roughly one in three employees were likely to interact with malicious emails.

Industry-Specific Risks: Healthcare & Pharmaceuticals emerged as one of the most vulnerable sectors, with a PPP of 51.4% for large organizations. Other high-risk industries included Insurance (48.8%) and Energy & Utilities (47.8%).

Size Matters: Larger organizations (1000+ employees) generally showed higher vulnerability, with several industries exceeding a 40% PPP.

Technical Analysis

The report emphasizes the crucial role of comprehensive security awareness training:

  • After just 90 days of training, the average PPP dropped to 18.9%, representing a nearly 50% reduction in vulnerability.
  • Organizations that maintained ongoing training for a year or more saw their PPP plummet to an impressive 4.6%.

Methodology and data set (Source – KnowBe4)

Cybersecurity experts stress the importance of continuous education and testing. “Merely paying lip service to security awareness programs does little to shield an organization from attacks that target human vulnerabilities,” the report states.

2024 International Phishing Benchmarks (Source – KnowBe4)

To mitigate risks, organizations are advised to:

  1. Implement regular, comprehensive security awareness training.
  2. Conduct frequent simulated phishing tests.
  3. Foster a security-conscious culture within the organization.
  4. Invest in both employee training and advanced technological defenses.

Transforming employee behavior requires persistence, but the benefits of a security-aware workforce are invaluable in the face of increasingly sophisticated phishing attempts.

By prioritizing human risk management and encouraging a strong cybersecurity culture, organizations can significantly reduce their vulnerability to phishing attacks and other social engineering threats.

The post HR & IT-Related Phishing Emails Are Top-Clicked Among Phishing Email Types appeared first on Cyber Security News.

About Author

Chad Barr

Chad Barr is a visionary and executive leader, blending over two decades of expertise with a unique ability to demystify complex technical concepts. As a cybersecurity leader, prolific author, and director at AccessIT Group, Chad has empowered organizations across diverse industries to build resilient security frameworks. His engaging writing, speaking engagements, and thought leadership inspire proactive cybersecurity practices, making him a trusted voice in the ever-evolving digital landscape.
