Phishing Prevails Despite Investments in Security

 
 
By Karen A. Frenkel  |  Posted 09-26-2017 Email
 
 
 
 
 
 
 
 
 
  • Previous
    Phishing Prevails Despite Investments in Security
    Next

    Phishing Prevails Despite Investments in Security

    Despite layered security at most organizations, phishing attacks continue, but trained workers are good at detecting attacks such as business email compromises.
  • Previous
    Phishing Continues
    Next

    Phishing Continues

    66% of the senior IT decision-makers surveyed said their company has experienced a phishing-related incident, and most still worry about email-related threats.
  • Previous
    Suspicious Emails Reported Weekly
    Next

    Suspicious Emails Reported Weekly

    1 to 50 emails: 36%, 51 to 100 emails: 17%, 101 to 500 emails: 17%, 501 to 1,000 emails: 10%, 1,000 or more emails: 21%
  • Previous
    Lacking Resources
    Next

    Lacking Resources

    Only 26% of respondents said they have an inbox for users to manually submit a suspicious email. 55% have a help desk, but such teams can be overwhelmed with suspicious email reports.
  • Previous
    Top Layers Of Security
    Next

    Top Layers Of Security

    Email gateway filtering: 85%, Anti-malware solution: 80%, Computer-based training: 66%, Security information: 59%, URL analysis solutions: 56%
  • Previous
    Deceptive Email Incidents
    Next

    Deceptive Email Incidents

    65% of respondents have experienced an email-related security incident, and an additional 20% are not sure whether an incident was caused by emails or something else.
  • Previous
    Threats Causing the Most Concern
    Next

    Threats Causing the Most Concern

    Spear-phishing: 40% Phishing: 30% Whaling: 20%
  • Previous
    Top Challenges Related to Phishing
    Next

    Top Challenges Related to Phishing

    Lack of human resources: 46% Multiple layers of security solutions: 42% Inability to analyze threat data: 35% Difficulty categorizing threats: 32% Too many false alerts: 29%
  • Previous
    Feeling Insecure
    Next

    Feeling Insecure

    43% of respondents said their responses to phishing range from "totally ineffective" to "mediocre."
  • Previous
    Upgrades Planned
    Next

    Upgrades Planned

    80% of respondents plan to upgrade their phishing prevention and response. Of these, 34% have no immediate plans; 15% plan to upgrade in 3 to 6 months; 25% expect to upgrade in 6 to 12 months; and 20% expect to upgrade in more than a year.
  • Previous
    Automated Analysis
    Next

    Automated Analysis

    Manually analyzing phishing and malware is difficult and time-intensive, so 33% of the senior IT decision-makers surveyed are open to automating the analysis of suspicious emails.
 

Despite their investments in security technology, most organizations have been subjected to phishing attacks, and they continue to worry about email-related threats, according to a new survey report, "Phishing Response Trends," which was commissioned by PhishMe. Only slightly more than half of the survey respondents believe that they have sufficient controls in place to protect their company. According to the report, gateway filtering and anti-malware solutions work only up to a point, and trained employees are better at detecting attacks such as business email compromises. Also, human-reported intelligence can be invaluable to incident responders, who can then use automation to analyze and react. "Businesses are flooded with suspicious emails targeting employees, but are ill-prepared to process and respond to those threats," the report said, "Most organizations feel they have little, if any, expertise in anti-phishing and may feel their incident response processes are weak." Gatepoint Research surveyed 200 senior IT decision-makers from a wide variety of industries.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login Register