New data makes it crystal clear that spear phishing is a real problem… and organizations may not properly be prepared to detect and address it.
Cybercriminals know the more targeted a phishing attack – from the email theming to the impersonation to the intended victim – the more likely the attack will be a success.
According to Barracuda’s 2023 Spear-Phishing Trends report, this is exactly what’s happening:
- 50% of organizations were victims of spear phishing in the last 12 months
- 1 in 4 organizations had at least one email account compromised in 2022
- A typical organization receives 5 highly personalized spear phishing emails per day
With all this spear phishing, how well are organizations responding? According to the report, while we’re measuring in hours instead of days or weeks, the response time is still material:
- On average, it takes organizations nearly 100 hours to identify, respond to, and remediate a post-delivery email threat
- It takes 43 hours to detect the attack and 56 hours to respond and remediate after the attack is detected
100 hours is plenty of time for a threat actor to wreak havoc within an organization, making it far more logical to work to prevent such attacks. That's something that new-school security awareness training can prevent AND a lightweight security orchestration, automation and response platform can allow SOC teams to cut through the inbox noise and respond to spear phishing threats more quickly and efficiently."