Most companies now run phishing simulations to prepare their employees for attacks Despite being around for almost three decades, phishing is still a popular cybercrime tactic, a new report from Sophos claims. Phishing owes most of its popularity to its simplicity, scalability and capacity to flex to current events.

To address the issue, most businesses are deploying cyber awareness programs and various training initiatives, with varying levels of success.

The biggest problem is that businesses often underestimate the destructive potential of phishing. Most of the time, they perceive it as a low-level threat, disregarding the fact that phishing is usually the first of many steps in highly complex and often devastating attacks.

It’s true that businesses have started to address the issue, however. Nine in ten have implemented a cyber-awareness program, with an additional six percent planning to set one up.

But most of these programs (65 percent) were implemented up to three years ago, Sophos adds, hinting that businesses have only recently started addressing the problem in a holistic way.

Computer-based training programs seem to be most popular, as 58 percent of organizations use them. More than half (53 percent) use human-led training, while 43 percent run phishing simulations. Sophos also found that 16 percent combine all three techniques.

These programs should be a lot of help to organizations that run them, the report concludes, adding that employees should be “well-placed to withstand the barrage of phishing emails”.