Employee cyber security training is paying off according to a report recently released by IT security company F-Secure.

Researchers from F-Secure analyzed more than 200,000 emails that had been flagged as suspicious by employees working for organizations around the world. They discovered that more than one-third of those emails could be classified as phishing.

Phishing is an extremely common technique hackers use to gain important information about specific individuals. In some cases, they even gain access to a system that the hackers are targeting. For example, hackers may employ phishing techniques to impersonate a vendor company that another company does business with. Perhaps they attach a poisoned Word or Excel document that appears to be an invoice.

If the recipient enables macros to view the document, it will install malware onto the recipient’s computer. That will allow the hackers to spy on the user and attack other machines on the network. It’s one of the most common tactics employed by hackers around the world with phishing attacks accounting for fully half of all infection attempts in 2020.

Even with a relatively low success rate, there are so many phishing attacks made over the course of any given year that it adds up to a staggering number of successes. That is why hackers rely so heavily on the technique.

F-Secure’s Director of Consulting had this to say about the recently published study:

“You often hear that people are security’s weak link. That’s very cynical and doesn’t consider the benefits of using a company’s workforce as a first line of defense. Employees can catch a significant number of threats hitting their inbox if they can follow a painless reporting process that produces tangible results.”

Naude makes an excellent point. Kudos to the company for conducting the analysis and to all the employees who submitted suspicious emails for a closer look.