Examining their customer's data, Proofpoint discovered that widespread focus on user awareness targeting common Phishing lures - such as social media invites and unsolicited messages in general, led to a 94 percent decrease (year-over-year ) in number of successful Phishing campaigns. That's great news, but unfortunately, the criminals switched tactics.
Previous awareness training initiatives focused on executives first and everyone else second. This allowed criminals a prime opportunity to target lower level staffers and middle management, using tactics that were different from the ones that users were trained to spot. The altered tactics were also able to bypass most mail filters.
The result was a resounding success for the criminals, and an observable lesson that every company clicks, and no one person or department within the organization is immune to Phishing or similar social engineering attacks.
"The central lesson of 2014 for CISOs is that while user education may have an impact, attackers can always adapt and adjust their techniques more rapidly than end-users can be educated," the Proofpoint study states.