Have you noticed how many emails you get every day? According to earthweb.com, the average person receives 100 to 120 emails per day. Surprisingly, 1 in every 99 of those emails is a phishing attack and 85% are spam. Every day hundreds of millions of phishing emails are sent and these numbers have been growing. With the advancement of technology and free resources available on the Internet, malicious actors are getting better at outsmarting even the most advanced security systems and exploiting the weakest link in the cybersecurity ecosystem—humans.
According to Deloitte, 91% of all cyber attacks begin with a phishing email. As more malicious actors are able to disguise their messages as official emails, we must be constantly aware and able to identify signs of phishing.
Based on a survey conducted by Proofpoint, 84% of respondents said their organization was successfully targeted by at least one email-based phishing attack in 2022, and the amount of money lost directly to phishing attacks increased 76% compared to prior years.
The above information indicates why we require phishing awareness training at UD. This training is designed to help all users—executive leaders, staff, and faculty—become equipped to recognize and appropriately respond to phishing threats, contributing to a more robust cybersecurity posture. Executive and other leadership participation in phishing tests is critical because they represent some of the highest risks to the University due to their access to sensitive information and control of financial processes and resources. They are frequent targets for cybercriminals.
At a time when malicious actors are rapidly improving their phishing techniques through artificial intelligence (AI) and other new technologies, it’s important that we stay alert through consistent practice in order to enhance our security posture.
In addition to being a “best practice” activity, UD is required to maintain an effective security awareness program to comply with regulations, such as HIPAA and PCI-DSS (reference: 12.6). Phishing awareness training is a critical part of an overall security awareness program and helps strengthen our compliance with regulatory security standards. Not conducting University phishing campaigns would expose users to heightened vulnerability to real phishing threats and place the University at risk of operational, financial, and reputational harm.
Reporting is crucial in addressing phishing threats. In the recent past, IT Security has conducted monthly email phishing tests with various levels of real-world complexity to assist recipients in identifying and reporting phishing emails. Reporting suspected emails enables UD’s IT Security department to stay informed about evolving phishing trends, enhance the email filtering system, and respond to potential attacks. Additionally, reporting provides participants with the chance to win attractive rewards in the Secure UD Phishing campaign.