Our colleagues at PhishMe released the results of their US Phishing Response Trends Report, which looked at the phishing response strategies of two hundred senior IT security decision-makers across a variety of large industries in the United States.
The report shows that businesses are still the most worried about and least prepared for phishing attacks. In fact, most organizations feel they have little, if any, expertise in anti-phishing and many feel their phishing incident response processes are weak.
Aside from mass-distributed general phishing campaigns, hackers continue to target key individuals in the finance or accounting departments through Business Email Compromise (BEC) scams or CEO email fraud.
By impersonating chief executives or finance officers, attackers attempt to solicit money transfers or fast wires of cash from unsuspecting targets and will also use those scams to deploy dangerous malware or ransomware.
According to the FBI's Internet Crime Complaint Center (IC3), BEC attacks have generated more than $5.3 billion USD in actual and attempted losses, affecting more than 131 countries worldwide.
More than 50% of businesses that responded have revenues exceeding $1.5 billion and represent a wide variety of industries, including business services, high tech, healthcare, retail, telecom, manufacturing and more.
Key findings of the report:
- One third of respondents see more than 500 suspicious emails weekly.
- Yet, only 26% of surveyed IT executives have a dedicated inbox for suspicious emails.
- 100% of respondents have layers of security solutions in place to help them combat email and phishing threats.
- Two thirds of surveyed IT executives have dealt with a security incident originating with a deceptive email.
- 90% worry most about email-related threats: spear phishing, phishing in general or whaling.
- Half of respondents say their biggest challenge is too many threats and too few responders.
- 43% of respondents say their phishing response ranged from "totally ineffective" to "mediocre."
- 80% of surveyed IT execs plan to upgrade their phishing prevention and response.
This is excellent ammo to get (more) IT Security budget. Here is the Press Release with a link to the download: