Phishing scams are relatively mundane compared to the sophisticated attacks that you read about in the news, but it’s important to remember that sometimes the biggest threats are right at your doorstep. Or, rather, your inbox.
Fortunately, two recent reports have indicated that most organisations are well aware of the threat of phishing. They are certainly helped by the frequency with which their employees are targeted, with Proofpoint’s Understanding Email Fraud Survey finding that 75% of organisations had been hit by at least one spear phishing email.
It also found that 41% of organisations had suffered multiple attacks in the past two years, and that only 40% of organisations have full visibility into email threats.
Commenting on the report, Robert Holmes, vice president of email security products at Proofpoint, said:
Email fraud is highly pervasive and deceptively simple; hackers don’t need to include attachments or URLs, emails are distributed in fewer volumes, and typically impersonate people in authority for maximum impact.
These and other factors make email fraud, also known as business email compromise (BEC), extremely difficult to detect and stop with traditional security tools. Our research underscores that organizations and boardrooms have a duty to equip the entire workforce with the necessary solutions and training to protect everyone against this growing threat.
Phishing is a top concern
Clearswift’s Cyber Threatscape report also highlighted the threat of phishing. The information security organisation polled 600 decision makers and 1,200 employees in the UK, US, Germany and Australia, and found that 59% of respondents said phishing was their biggest concern. It topped the list in all four regions, beating out the threat of employees’ lax attitudes (33%), the vulnerability of removable devices (31%) and failure to remove login access from ex-employees (28%).
According to Dr Guy Bunker, senior vice president of products at Clearswift, this report “highlights that businesses need to change the way they’re approaching the task of mitigating these risks. […] The approach should be two-fold, focused on balancing education with a robust technological safety net. This will ultimately help ensure the business stays safe.”
There are several ways you can address the risk of phishing. All organisations should conduct staff awareness courses to educate employees on how phishing scams work and what they can do to mitigate the risk. These courses should be repeated annually to refresh employees’ memories and maintain a workplace culture that prioritises cyber security.
You may also benefit from a thorough re-evaluation of your approach to cyber security. Our Security Awareness Programme does just that, helping you generate tangible and lasting improvements to your organisation’s security awareness. It combines a learning needs assessment to identify the areas that your organisation should focus on, with a series of tools and services to address problems as they arise, including hands-on support from a specialist consultant, pocket guides and e-learning courses.