Kaspersky blocked 2022 million users' attempts to track malicious phishing links in 507. Research was carried out through the phishing simulator built into the Kaspersky Automated Security Awareness Platform (KASAP) in 2021-2022. Observations made among employees in the Middle East, Turkey, and Africa region found that employees most frequently reported on dress codes (20,2 percent of employees), account restriction (9,3 percent of interns), and false hiring statements (5,1 percent of employees). He explains that he was the victim of fraudulent emails disguised as a company announcement.
After analyzing employees' cybersecurity training and testing results, it was found that employees in the Middle East and Africa were more likely to be victims of phishing than employees in other regions (Europe, North and South America). 14,7 percent of employees in the Middle East and 11 percent of employees in Africa failed the phishing test. The APAC region lagged even further behind, with a phishing test failure rate of 15,6 percent.
Secure email use training draws attention from employees
In the 2021-2022 period, the most popular topics focused on the cyber security training of personnel in the Middle East, Turkey and Africa region were the use of secure e-mail (such as distinguishing suspicious links, understanding what is fraudulent) and how to set a secure password. These trainings were preferred by more than 70 percent of the employees. Other popular training topics included mobile device security, social media account security, and protection of endpoint workstations. Data privacy trainings were at the bottom of the popularity list.
Svetlana Kalashnikova, Kaspersky Services and Training Product Manager, said:
“As the world of technology advances rapidly, people's skills often lag behind it. It seems that most of those working globally need basic cybersecurity training. In our latest test using the Kaspersky Gamified Assessment tool, only 3 percent of 907 employees were proven to have a high level of cybersecurity awareness. We often see this element, called the 'human firewall', as the weakest link in corporate cyber protection. Therefore, companies should invest not only in traditional cybersecurity solutions that can be installed in corporate systems, but also in employee training. In addition, cyber skills should be considered before individuals are trained. We present the Gamified Evaluation Tool as part of the 'engagement phase' of the Kaspersky Security Awareness Portfolio. This tool, which precedes the training phase in the Kaspersky Automated Security Awareness Platform, makes it easier for employees to be motivated by the learning process and helps organizations find the training program that best fits their employees' needs.”
Kaspersky experts recommend the following for organizations that want to avoid being a victim of fraud, keep their personal and corporate data confidential, and save on costs:
Check each link before clicking. To do this, hover over the URL to preview it and look for typos or other irregularities. Especially double-check the company name spellings. Only enter your username and password over a secure connection. Before the site URL, look for the HTTPS prefix indicating that the connection to the site is secure.
Organizations should conduct regular cyber skills checks and provide competent training among employees. The Kaspersky Security Awareness portfolio offers flexible new ways to train your staff, is easily customizable and can be scaled to meet the needs of companies of any size.
Use a reliable security solution that gives you the ability to open any site in a sandbox to help you control the security of the URL you visit, as well as prevent theft of your sensitive data, including financial information. For this, you can opt for a reliable security solution such as Kaspersky Premium, which identifies malicious attachments and blocks phishing sites. These solutions are capable of detecting and blocking spam and phishing campaigns, thanks to their access to international threat intelligence sources.