Phishing Prevails Despite Investments in Security


Despite layered security at most organizations, phishing attacks continue, but trained workers are good at detecting attacks such as business email compromises.

Phishing Continues

66% of the senior IT decision-makers surveyed said their company has experienced a phishing-related incident, and most still worry about email-related threats.

Suspicious Emails Reported Weekly

1 to 50 emails: 36%
51 to 100 emails: 17%
101 to 500 emails: 17%
501 to 1,000 emails: 10%
1,000 or more emails: 21%

Lacking Resources

Only 26% of respondents said they have an inbox for users to manually submit a suspicious email. 55% have a help desk, but such teams can be overwhelmed with suspicious email reports.

Top Layers Of Security

Email gateway filtering: 85%
Anti-malware solution: 80%
Computer-based training: 66%
Security information: 59%
URL analysis solutions: 56%

Deceptive Email Incidents

65% of respondents have experienced an email-related security incident, and an additional 20% are not sure whether an incident was caused by emails or something else.

Threats Causing the Most Concern

Spear-phishing: 40%
Phishing: 30%
Whaling: 20%

Top Challenges Related to Phishing

Lack of human resources: 46%
Multiple layers of security solutions: 42%
Inability to analyze threat data: 35%
Difficulty categorizing threats: 32%
Too many false alerts: 29%

Feeling Insecure

43% of respondents said their responses to phishing range from “totally ineffective” to “mediocre.”

Upgrades Planned

80% of respondents plan to upgrade their phishing prevention and response. Of these, 34% have no immediate plans; 15% plan to upgrade in 3 to 6 months; 25% expect to upgrade in 6 to 12 months; and 20% expect to upgrade in more than a year.

Automated Analysis

Manually analyzing phishing and malware is difficult and time-intensive, so 33% of the senior IT decision-makers surveyed are open to automating the analysis of suspicious emails.

Karen A. Frenkel
Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.
