And The Top Three Security Risks Are ... People, People and People (and Flash, PDF and Java)
Like it or not, wherever you have people, especially untrained people, you have security risks. In recent research, Wombat sent out tens of millions of simulated phishing emails, and their main finding was that "Message from Administrator" had a click rate of 34%, with the password update being the most popular template:
When it comes to the industries that are the most susceptible to phishing, unfortunately it is education, health care and insurance which have the highest success rate:
They also found that 44% of organisations experienced phishing through phone calls (vishing) and SMS messaging (smishing), while 76% of the organisations they polled were victims of a phishing attack.
So which software vulnerabilities are most to blame when users click on attachments? Well, you guessed it ... Adobe is right up there with two of the top four (PDF and Flash), along with outdated Java, while Microsoft makes an appearance in the hall of shame with Silverlight:
In fact, Adobe accounts for 43% of all the software vulnerabilities ... so go patch your PDF Reader and Flash products now. Java has been shown to get its act together, with a massive 68% reduction from 2015.
So, how do we solve it? Well ... no magic firewall ... basically more awareness and training and a bit of risk assessment ...
Here's a bit more of an outline:
Great article Bill!