Most statistical data on phishing attacks point to employee/personnel education, said Daniel DeBlasio vice president of sales, BQT Solutions America Inc. The chart below from the “Cisco 2017 Security Capabilities Benchmark Study” shows executive concerns in regards to the risk of cyber attacks. “Security professionals who participated in Cisco’s study cited all those elements as top sources of concern when they think about their organization’s risk of exposure to a cyber attack,” DeBlasio said. “This is understandable: The proliferation of mobile devices creates more endpoints to protect. The cloud is expanding the security perimeter. And users are, and always will be, a weak link in the security chain. When it comes to phishing, it is the end user and their lack of education as to identifying possible phishing attacks via email or SMS and staying vigilant. Company executives must own the responsibility to ensure education on phishing takes place. In addition, follow-up is required by validating the value of the education by doing internal phishing attacks to ensure education has taken hold.”