How Spear Phishing Puts Businesses on the Hook
Detecting fake messages can be difficult even for those with a trained eye, and criminals are becoming expert at exploiting organizations from the top down.
84% of survey respondents estimated that a spear-phishing attack had penetrated their organization’s security defenses.
On average, respondents estimated that 28% of spear attacks get through their organization’s security defenses.
The most common problems resulting from a spear-phishing attack: diminished employee productivity (41%), financial loss (32%), damage to company reputation (29%) and brand reputation (27%).
15% of respondents said that their company had experienced a decrease in stock price as a result of a successful spear-phishing attack.
Leading targeted over the last 12 months include: IT (44%), financial teams (43%), sales staff (29%), CEO (27%) and other executive staff (24%).
Only 11% of respondents think their organization is fully prepared to deal with spear-phishing attacks.
Nearly 80% of organizations use staff training to prevent attacks. However, only 3% of those that test employees’ responses to spear-phishing attacks find that all employees passed.
On average, respondents estimated that 16% of staff failed their organization’s most-recent spear phishing test.
71% of organizations have implemented a solution to prevent spear phishing. Within this group, 80% use a secure e-mail gateway and 64% rely on a secure Web gateway.
On average, respondents estimated the financial impact of spear phishing to their organization over the last 12 months to be more than $1.6 million.
Use more modern security technologies designed to protect against spear phishing and continue to educate and train employees—from the C-suite to administrative groups—to spot bogus messages.