KnowBe4, a security awareness training platform, is sharing five strategies organizations can adopt to reduce their exposure to phishing.

According to recent research from the company, between November 2024 and February 2025 there was a 57.7% increase in successful phishing attacks.

Since phishing attacks target people rather than systems, employees need to be trained to recognize and report them. Here are five recommendations for improving security awareness training and reducing the number of successful phishing attacks:

  1. Provide training that is specific to each role, as every department faces different responsibilities and different threats (finance teams see invoice fraud, IT and help desk staff see credential and MFA-reset lures, and so on).
  2. Conduct realistic phishing simulations that mirror current attacker tactics. Repeated exposure builds employees' critical thinking and an instinctive resistance to suspicious messages.
  3. Create a no-blame reporting culture in which employees feel safe reporting suspicious activity, including their own clicks. The sooner an incident is reported, the sooner ransomware and other follow-on attacks can be contained.
  4. Run continuous awareness campaigns with ongoing reminders, visuals, and communication so that employees are regularly reminded of what to look out for, rather than trained once a year.
  5. Make use of AI-powered phishing detection technology so that as many attempts as possible are blocked before they reach an employee's inbox. No filter catches everything, which is why the human layer in the four points above still matters.

“Ransomware remains one of the largest cyber threats an organization can face, and it all starts with social engineering,” said Roger Grimes, data-driven defense evangelist at KnowBe4. “As reports continue to highlight the varied forms of phishing as the most prevalent access vector for ransomware-related attacks, organizations must prioritize reducing human risk first and foremost. This Ransomware Awareness Month, it is crucial for every organization to understand that their strongest defense against ransomware is actually their workforce.”