It takes 25 minutes for a successful phishing attempt

Do you know how long it takes for a hacker to create a phishing campaign, send it out and get access to corporate data in return? Twenty-five minutes.

That’s right, it takes less than half an hour to get everything done. The news comes from Duo Security, a cloud-based trusted access provider. Last month, it launched Duo Insight, a free phishing simulation tool, which has since then been used by 400 companies.

A total of 11,542 users received a fake phishing email, and the results say that almost a third (31 per cent) of organisations are at risk of a data breach.

In a real-world scenario, a hacker needs only five minutes to set up a phishing campaign, and within 25 minutes can get access to corporate data, leading to a data breach.

A third (31 per cent) of employees clicked the link in the phishing simulation email. Unsecure internet browsers, plugins such as Java or Flash, as well as out of data operating systems were seen as biggest vulnerabilities.

Seventeen per cent of users logged into fake sites, giving attackers simple access to their corporate data.

Duo Security says its tool can help IT administrators identify potential security weaknesses and use the data as an argument to invest in stronger security solutions.

The tool can also be used to better understand the security health of all the devices accessing a corporate network. You can check out the tool here.