Phishing, spear phishing, and whaling attacks are the leading cause of concern for IT professionals in the United States, according to the latest Phishing Response Trends Survey from the leading provider of human phishing defense solutions, PhishMe.
The survey was conducted on two hundred IT executives in the United States, who came from a wide range of industry sectors, including business, healthcare, financial services, retail, transportation, telecoms, manufacturing, and consumer services.
IT professionals were asked questions about the defenses their organization has in place to mitigate phishing attacks, their biggest concerns about cybersecurity, and how they rated their cybersecurity defenses.
The US Phishing Response Trends Report shows that email-based attacks – phishing, spear phishing and whaling – are still the biggest cybersecurity concern for IT professionals, and that despite increased investment in multi-layered defenses, many IT professionals do not believe their defenses are sufficient to prevent all email-based attacks.
Those attacks are coming thick and fast. IT professionals are having to defend against mass-distributed phishing campaigns, highly targeted phishing attacks, business email compromise scams, whaling attacks, and malware and ransomware. Many businesses feel their responses to phishing attacks are weak, and that they have little, if any, expertise in phishing prevention.
The threat from phishing and other forms of email-based attacks is considerable. Two thirds of respondents to the survey said they have had to deal with a phishing attack, while one third are having to deal with more than 500 phishing emails each week. 90% of respondents were most worried about email-based attacks and 43% of respondents rated their phishing defenses as totally ineffective to mediocre.
While all respondents said they have multiple layers of security to help defend against phishing attacks, only 26% said they have a dedicated inbox for suspicious emails. One of the biggest problems was a lack of staff. Half of respondents said there were simply too many threats and not enough responders.
“Despite continued investment, phishing emails continue to bypass perimeter technologies to reach employees’ inboxes every day,” said Rohyt Belani, co-founder and CEO of PhishMe.
There is therefore a clear need to train employees how to identify phishing emails and how to respond to them correctly. By training employees to be more security aware and to recognize phishing emails, all employees can become security assets and can assist the IT department in detecting and helping to mitigate phishing threats.