A new report from Cofense (formerly PhishMe) has revealed the majority of EU firms do not feel they are well prepared to deal with phishing attacks.
Phishing is a major threat to businesses of all sizes. Enterprises and SMBs must deal with spray and pray campaigns as well as targeted phishing attacks on their organization and highly targeted spear phishing attacks on specific groups of employees.
The data for the European Phishing Response Trends Report come from a recent survey conducted on 400 IT professionals at European firms in a wide range of industry sectors.
78% of respondents said that they had already experienced a cyberattack that started with a phishing email. While businesses in Europe have had practice at dealing with the attacks, they still feel they are not well prepared. 57% of respondents said their organizations was unprepared for a phishing attack and that they struggle to respond to the large numbers of phishing emails they receive each day.
The report suggests the UK is the most phished nation in Europe. More than 23% of respondents said they are receiving in excess of 500 phishing emails a week. The Netherlands was in second place with 22% of respondents saying they receive 500 or more phishing emails a week, followed by France on 20%, Germany on 18%, and Belgium on 16%.
Cofense points out in the report that the findings were similar to its corresponding US survey, yet one area where the two locations differ is the use of automated email analysis solutions to identify phishing threats and provide help with the response. In the US, only 33% of companies saw these solutions as an effective way of mitigating email-based attacks, whereas in the EU they were a wish list item for 59% of companies.
The survey confirms that phishing is perceived to be the biggest security threat in the EU. The biggest stumbling block preventing firms from dealing with the risk is poorly integrated security systems.
What is clear from the survey is technological phishing defenses can only go so far. They will certainly block the majority of phishing emails from being delivered, but a majority is not enough. With phishing emails still arriving in inboxes, it is essential that employees are trained to recognize threats and respond appropriately.
If employees are conditioned to be first responders and have the solutions in place to be able to quickly report phishing emails to their security teams, action can be taken to mitigate the threat before access to email accounts and networks is gained by the attackers.