Helsinki, Finland - September 8, 2021: 33% of emails employees report as phishing are either malicious or highly suspect, according to new research. The finding comes from an analysis of emails reported by employees from organizations across the globe during the first half of 2021, and highlights the efficacy of employee-led efforts in preventing cyber attacks.
Approximately one third of people working for organizations using F-Secure's email reporting plugin for Microsoft Office 365 submitted over 200 000 emails for analysis during the first half of the year. On average, active users submitted 2.14 emails each during the period.
According to the analysis (available at https://www.f-secure.com/content/dam/press/en/media-library/reports/F-Secure_automation_burnout.pdf) the most common reason users gave for reporting emails was a suspicious link, which was cited by 59% of users. 54% reported an email because of an incorrect or unexpected sender, and 37% because of suspected spam. 34% of users suspected the use of social engineering in an email, while 7% reported because of a suspicious attachment.
99% of the reports were automatically analyzed. Out of those, 33% were classified as phishing. Security professionals manually investigated the remaining 1% of reported emails, and determined 63% of those were phishing attempts.
'You often hear that people are security's weak link. That's very cynical and doesn't consider the benefits of using a company's workforce as a first line of defense,' said F-Secure Director of Consulting Riaan Naude. 'Employees can catch a significant number of threats hitting their inbox if they can follow a painless reporting process that produces tangible results.'
F-Secure Oyj published this content on 08 September 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 08 September 2021 07:31:02 UTC.