Security Experts:

Survey: Awareness Training, Spam Filters Still Leave Users Exposed to Phishing

At the Black Hat conference last month, PhishMe, a company that teaches security awareness to help users identify Phishing and targeted attacks, spoke to 250 security professionals and asked them for basic information on how their organizations deals with, or is impacted by, Phishing attacks. As it turns out, it’s a common issue, and most of the basics steps are doing little to lessen the blow.

Nearly 70% of those who spoke to PhishMe said that they encounter Phishing messages that slip past anti-Spam filters at least a few times a week. Further, 25% of them said that they see them several times a day.

Spear Phishing has become a popular method of infecting enterprises with malware, according to PhishMe. The survey’s results said that more than one quarter (27%) of those who took part said that top executives or other privileged users had been compromised by Spear Phishing in the last 12 months. Another 31% said they weren't sure if executives or privileged users had been attacked.

RelatedSecuring Against the APT – Integrating Security More Effectively Into the Enterprise

"Many enterprises believe that because they are using spam filtering tools or other email security technologies, they are safe from phishing attacks," said Scott Greaux, Vice President of Product Management & Services at PhishMe.

"What we found in our survey is that despite such filters, end users are presented with live, malicious attacks in their inboxes nearly every day."

Additional details from the survey include the fact that awareness training is given yearly (or at least once a year) to 49% of the employees at the respondent’s organization, while 10% said that no awareness training is given.

"This survey demonstrates with great clarity that phishing attacks – particularly targeted attacks – are getting through to end users with alarming regularity, yet most organizations don't train their users on what the most current attacks look like or how to react to them," added Aaron Higbee, CTO and co-founder of PhishMe.

Related NewsPhishMe Lands $2.5 Million To Help Employees Recognize Evil Emails

Related NewsAdvanced Persistent Threats and The Pillage of America

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.