- Most phishing incidents occur before the new employees understand how internal systems work, the report states
- Security awareness must start the first day, before the first email is opened
- Hackers point to uncertainty, and incorporation is full of this for new and anxious confusing hiring
The first months of employment are now one of the most risky periods for business cybersecurity, has affirmed a new research,
The Phishing’s Phishing susceptibility report of Keepnet, New Hirs, found almost three quarters (71%) of the new employees who fall for Phishing or Social Engineering attacks within their first 90 days at work.
It is often overlooked in incorporation workflows, this deficiency suggests that many organizations are not doing enough to prepare the new staff for the reality of modern cyber threats.
Inexperience, urgency and confusion drive early errors
The report, based on data from 237 companies, reveals that new employees have 44% more likely to be deceived by Phishing attempts than their long -term colleagues.
Most incidents come from a combination of inexperience, lack of familiarity with internal processes and a desire to fulfill the instructions.
Common attack types include CEO impersonation, fraudulent human resources portals, requests for false invoices and technical support scams, many of which exploit this period of confusion of incorporation.
The study also found that PHISHING Electronic Posts that are made by executives led to a 45% higher successful rate among the new hiring compared to the titular staff.
This gap demonstrates how even basic social engineering tactics can be disproportionately effective against employees who are still sailing through organizational systems and norms.
Without dedicated and structured training, these first errors can create lasting safety risks.
To address this problem, Keepnet recommends that organizations adopt a layer defense strategy adapted specifically for incorporation periods.
Organizations that adopted adaptive simulations and behavior -based training programs saw a risk of phishing by 30% after incorporation.
Traditional tools such as the best final point protection, the best FWAA and the best FWAAAS solution are still essential, but they are not enough on their own.
“Phishing attacks do not wait for their employees to feel ready. Our research shows that organizations must invest in the training of specific cybersecurity awareness of incorporation. We are proud to offer adaptive and scalable solutions that protect companies from day one,” said Ozar Uçar, CEO, Keepnet.
