More than 30% of employees put their companies at risk of data breach
Since its July 2016 launch, around 400 companies have begun using Duo Insight, a free tool that lets IT teams run internal phishing simulations.
Of the 11,542 users who received a phishing email from their IT team, 31% of organizations are at risk of a data breach due to phishing attacks.
Based on the data from Duo Insight, in a real-world scenario, attackers can run a phishing campaign that takes only 5 minutes to put together, and within 25 minutes they've got access to corporate data resulting in a data breach.
31% of users clicked the link in the phishing email sent by their internal team.
Those users who clicked the link in the phishing campaign open their organizations to hackers through unsecured internet browsers, plugins (Flash and Java), and out-of-date operating systems on their devices.
Hackers can easily exploit those vulnerabilities and get even more than they would get with just a set of credentials. In this case, attackers would have complete control over the compromised device.
Worse still, 17% of users entered their username and password, giving an attacker in a real-world scenario the keys to corporate data. ■