More than half of organisations have been successfully phished for valuable intel at least once last year, according to a new report by Proofpoint.
The cybersecurity and compliance company’s new report also states that almost nine in ten organisations worldwide (88 per cent) reported a spear-phishing attempt, while 86 per cent reported BEC attacks (Business Email Compromise). The same percentage reported being attacked through social media, and 84 per cent were targeted through text and SMS messages.
Voice phishing and USB drops were also notable mentions.
Proofpoint also argues that employee training plays a vital role in the cybersecurity chain, given that 78 per cent reported “measurable reductions” in phishing susceptibility following proper education.
“Effective security awareness training must focus on the issues and behaviours that matter most to an organisation’s mission,” said Joe Ferrara, senior vice president and general manager of Security Awareness Training for Proofpoint.
“We recommend taking a people-centric approach to cybersecurity by blending organisation-wide awareness training initiatives with targeted, threat-driven education. The goal is to empower users to recognise and report attacks.”
Proofpoint also claims that end-user email reporting is a critical metric for boosting positive employee behaviour, adding that the volume of reported messages spiked this year, compared to the last one. More than nine million suspicious emails were reported in 2019 – 67 per cent more compared to 2018.
The full report, entitled State of the Phish, can be found here.