Research Shows 30% Of Employees May Fall For Phishing Attacks

ANN ARBOR — The Ann Arbor two-factor security developer Duo Security this week published research that illustrates the risk phishing attacks present to business.

Since its July 2016 launch, about 400 companies have begun using Duo Insight, a free tool that lets IT teams run internal phishing simulations. Of the 11,542 users who received a phishing email from their IT team, 31 percent of organizations are at risk of a data breach due to phishing attacks.

Based on the data from Duo Insight, in a real-world scenario, attackers can run a phishing campaign that takes only 5 minutes to put together, and within 25 minutes they’ve got access to corporate data resulting in a data breach.

Data analysis from Duo Labs uncovered that:
* 31 percent of users clicked the link in the phishing email sent by their internal team.
* Those users who clicked the link in the phishing campaign open their organizations to hackers through unsecured internet browsers, plugins (Flash and Java), and out-of-date operating systems on their devices.
* Hackers can easily exploit those vulnerabilities and get even more than they would get with just a set of credentials. In this case, attackers would have complete control over the compromised device.
* Worse still, 17 percent of users entered their username and password, giving an attacker in a real-world scenario the keys to corporate data.

The goal of Duo Insight is to offer organizations of all sizes a free internal phishing drill system that allows them to simulate a phishing attack on their employees in five minutes. With the results of those simulations, administrators can identify potential security weaknesses and make the case for investing in stronger security solutions or better employee education.

In addition, IT teams will better understand the security health, or lack thereof, of all of the devices accessing corporate data. With that information, they can create internal programs to keep employee devices up-to-date and secured against known vulnerabilities.

The company said businesses can run free phishing drills with Duo Insight at to assess risk of phishing attacks that could lead to data breaches.

Duo Security customers include Etsy, NASA, Facebook, K-Swiss, The Men’s Wearhouse, Paramount Pictures, Random House, Toyota, Twitter, Yelp, Zillow, and more. Duo Security is backed by Benchmark, Google Ventures, Radar Partners, Redpoint Ventures and True Ventures. Try Duo’s technology for free at

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.