Blog Post

Microsoft Defender for Office 365 Blog
3 MIN READ

Gone Phishing Tournament™ Takeaways

Clare_Ouyang's avatar
Clare_Ouyang
Icon for Microsoft rankMicrosoft
Apr 08, 2024

Microsoft partnered with Fortra’s Terranova Security in October 2023 once again to kick off the annual Gone Phishing Tournament. The Gone Phishing Tournament (GPT) is an annual online phishing initiative that uses real-world simulations to establish accurate phishing clickthrough rates and additional benchmarking statistics for user behaviors. This helps organizations strengthen their security awareness training programs with accurate phishing benchmarking data.

In this blog, we would like to share the key takeaways from this report and provide insights on what it means to improve organizational resilience against phishing and social engineering attacks with tools like Attack Simulation and Training.

You can visit and download the full report here: Gone Phishing Tournament | Terranova Security

Overview of the Report:

With nearly 300 organizations across 142 different countries that participated in the 2023 tournament, there were over 1.37 million users who received the event’s phishing simulation email. This was an exciting 10% year over year increase of participants and provided a strong look into benchmarking status across many industries.

Gone Phishing Tournament Outcome

Phishing is one of the most common and effective cyberattacks that target individuals and organizations.

 

Overall click rates from this year’s GPT was at 10.4% with 6.5% of the recipients also submitted their credentials.

What this means is that 3 out of every 5 users who clicked on the phishing email link did not recognize the phishing attempt and submitted their credentials.

This suggests that continual phishing awareness education is incredibly important to protect your organization. With new AI and LLM technology, bad actors can set up attacks and create credible looking phishing messages at an even faster rate than previously.

While we continue to develop technical safeguards such as better phishing message detection, it’s important to recognize that humans are still the last line of defense between bad actors and the security of your organization. It is absolutely vital to an organization’s security to continue to educate their employees to enforce awareness and security.

To put it into perspective, if this phishing simulation was a real attack, almost 90,000 passwords could have been collected from the participating organizations. This data could have been used for nefarious purposes like Account takeover, Business email compromise, and Credential stuffing attacks.

What’s next?

It is important to take a security-first culture within your organization. Leverage your simulation and awareness programs to set realistic goals, use engaging training content, develop ongoing training programs, regularly assess and refine your security strategy, and foster a company-wide culture of security awareness.

In this changing landscape of cybersecurity and threats, mitigating the human risk factor and strengthening your organization’s resilience against social engineering is more important than ever. Phishing simulations can help individuals continue to stay vigilant against these threats.

We hope to continue to work with our customers and partners to further invest in user education and security program that matches different organizational needs. Attack Simulation and Training, part of Defender for Office Plan 2, helps organizations train their end users with realistic phishing simulations and security training.

 

Attack Simulation and Training is an intelligent phish risk reduction tool that measures behavior change and automates deployment of an integrated security awareness training program across an organization. It is available with Microsoft 365 E5 or Microsoft Defender for Office 365 P2 plan

Learn more:

To learn more about Microsoft Security solutions, visit our website. Bookmark the security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

 

 

 

 

Updated Apr 08, 2024
Version 1.0
No CommentsBe the first to comment