A majority of organizations have a false sense of security regarding their resistance to phishing attacks, according to a new report from researchers at IRONSCALES and Osterman Research.
“The study surveyed 300 IT and security professionals across a variety of industries and geographies and unveiled a troubling paradox — while over 70% of respondents said they feel their current security stack is highly effective against image-based and QR code phishing, 76% reported being compromised by these types of attacks within the past 12 months — highlighting a stark disparity between the perceived and actual effectiveness of current defenses,” the researchers write.
The report found that very few organizations managed to stop every phishing attack from reaching employees’ inboxes, but trained employees were able to avoid falling for these attacks.
“Only 5.5% of organizations in this research claim that they were able to detect and block all emerging types of phishing attacks so that none were released to users’ inboxes,” the researchers write. “At a further 18.8% of organizations, while their email security stack did release phishing attacks to users’ inboxes, no users fell for them. At these organizations, cybersecurity awareness training appears to have created sufficient skepticism of unexpected and abnormal email messages to stop the phish from succeeding.”
The report concludes that organizations must ensure that their employees can recognize new social engineering tactics.
“Organizations must continuously evolve their phishing simulation programs to mirror the latest phishing techniques observed, providing employees with practical and current examples they may see if the organization’s technical measures fail,” the report says. “Some email security vendors are leveraging generative AI to craft micro-targeted phishing simulation tests optimized for each individual.”
IRONSCALES has the story.