Findings show that despite having layers of security technologies in place, phishing remains top concern for IT executives.
LEESBURG, VA. – September 6, 2017 – Today PhishMe®, the leading provider of human phishing defense solutions, released the results of its US Phishing Response Trends Report, which looked at the phishing response strategies of two hundred senior IT Security decision-makers across a variety of industries in the United States.
The report shows that businesses are still the most worried about and least prepared for phishing attacks. In fact, most organizations feel they have little, if any, expertise in anti-phishing and many feel their phishing incident response processes are weak.
Aside from mass-distributed general phishing campaigns, hackers continue to target key individuals in the finance or accounting departments through Business Email Compromise (BEC) scams or CEO email fraud. By impersonating chief-executives or finance officers, attackers attempt to solicit money transfers or fast wires of cash from unsuspecting targets and will also use those scams to deploy dangerous malware or Ransomware. According to the FBI’s Internet Crime Complaint Center (IC3), BEC attacks have generated more than $5.3 billion USD in actual and attempted losses, affecting more than 131 countries world-wide.
More than 50% of businesses that responded have revenues exceeding $1.5 billion and represented a wide variety of industries, including business services, high tech, healthcare, retail, telecom, manufacturing and more.
Key findings of the report, include:
- One third of respondents see more than 500 suspicious emails weekly
- Yet, only 26% of surveyed IT executives have a dedicated inbox for suspicious emails
- 100% of respondents have layers of security solutions in place to help them combat email and phishing threats
- Two thirds of surveyed IT executives have dealt with a security incident originating with a deceptive email
- 90% worry most about email-related threats: spear phishing, phishing in general or whaling
- Half of respondents say their biggest challenge is too many threats and too few responders
- 43% of respondents say their phishing response ranged from “totally ineffective” to “mediocre”
- 80% of surveyed IT execs plan to upgrade their phishing prevention and response.
“Despite continued investment, phishing emails continue to bypass perimeter technologies to reach employees’ inboxes every day,” said Rohyt Belani, co-founder and CEO of PhishMe. “However, conditioned employees often report these emails to their internal security teams via an abuse inbox. Our goal at PhishMe is to help incident response teams across the world to rapidly process the abuse inbox by weeding out the benign emails from the malicious ones and operationalizing the blocking of the latter via automation and orchestration.”
The full report is available for download here: https://cofense.com/phishing-response-trends
To learn more about PhishMe’s phishing incident solutions, please visit: cofense.staging.wpengine.com
This study was commissioned by PhishMe and delivered by Gatepoint Research, an independent market research organization. Gatepoint Research surveyed two hundred select IT executives, largely senior decision-makers, on phishing response strategies. They represented firms in a wide variety of industries, including but not limited to business services, high tech, primary manufacturing, healthcare, financial services, retail trade, wholesale trade, transportation, consumer services, and telecom services. Businesses of all sizes from small or mid-market firms to Fortune 1000 companies were included in the sample.
PhishMe is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report and mitigate spear phishing, malware and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision-making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare and manufacturing industries, as well as other Global 1000 entities that understand how changing user security behavior will improve security, aid incident response and reduce the risk of compromise.