The Phishing Threat in 2024 by Olga Voloshyna


In today’s world, where cyber crime keeps developing and growing more inventive, organizations keep seeking ways to protect themselves against potential threats. Despite companies’ efforts to improve their cyber security measures, employees, with their weak passwords, proneness to social engineering, and limited knowledge of cyber security, remain the primary target for attacks.

Recent reports from KnowBe4, particularly 2023’s Phishing by Industry Benchmark Report, confirm this tendency. The research covered 19 industries and over 12.5 million users from 35,600 organizations. It reveals that 33.2% of these organizations’ employees haven’t been specifically trained in cyber security and are at risk of clicking a harmful link, i.e. can potentially fall victim to a phishing attack.

The report also underlines the importance of investing in employees’ training to increase the overall cyber resilience of an organization. Training programs radically decrease proneness to phishing attacks, by 82% on average.

Stricter cyber security requirements, enforced through organizational measures, are also demanded by the EU’s NIS2 Directive, which is aimed at increasing the level of cyber security in the member states. The Directive requires companies’ top management to enforce and exercise strict control over specialized training in cyber security issues and cyber risk management. Such measures are aimed not only at strengthening the security culture within organizations, but also at making employees better informed and more responsible with regard to cyber security in both their professional and personal lives.

