"Security Awareness and Training Crucial to Preventing Healthcare Phishing Attacks"
Healthcare phishing attacks remain a top cyberattack vector, but new research shows that consistent security awareness training can significantly reduce the likelihood of a successful attack. KnowBe4 examined a dataset of over 9.5 million users in 19 industries, over 30,000 organizations, and 23.4 million simulated phishing security tests to determine the impact of security training on reducing cyber risk. According to the report, security leaders who continue to invest solely in sophisticated technology and security orchestration risk missing a best practice proven to reduce vulnerability: security awareness training combined with frequent simulated social engineering testing. This approach helps increase human readiness to combat cybercrime and lays the critical foundation required to drive a strong security culture throughout an organization.

KnowBe4 established a baseline "Phish-Prone Percentage" (PPP), which measured the proportion of employees who clicked on a simulated phishing email despite having no prior security training. Researchers then returned to the PPP after 90 days and again after a year to see how the results had changed.

The 2022 PPP baseline average was 32.4 percent across all industries and organization sizes. Healthcare and pharmaceuticals had the second highest average PPP for small organizations (0 to 249 employees), at 32.5 percent. The PPP for healthcare continued to rise as the organization's size increased. The baseline PPP for medium-sized healthcare organizations (250-999 employees) was 36.6 percent, while large organizations (1,000+ employees) had a PPP of 45 percent. The PPP data, while slightly better than in 2021, continues to show that no single industry, across all sizes of organizations, is doing a good job at recognizing cybercriminals' phishing and social engineering tactics, according to the report.
This article continues to discuss the importance of providing security awareness training to decrease the likelihood of an employee falling victim to a healthcare phishing attack.