Cybercrime

Survey: Awareness Training, Spam Filters Still Leave Users Exposed to Phishing

At the Black Hat conference last month, PhishMe, a company that teaches security awareness to help users identify Phishing and targeted attacks, spoke to 250 security professionals and asked them for basic information on how their organizations deals with, or is impacted by, Phishing attacks. As it turns out, it’s a common issue, and most of the basics steps are doing little to lessen the blow.

Steve Ragan

August 10, 2012

Nearly 70% of those who spoke to PhishMe said that they encounter Phishing messages that slip past anti-Spam filters at least a few times a week. Further, 25% of them said that they see them several times a day.

Spear Phishing has become a popular method of infecting enterprises with malware, according to PhishMe. The survey’s results said that more than one quarter (27%) of those who took part said that top executives or other privileged users had been compromised by Spear Phishing in the last 12 months. Another 31% said they weren’t sure if executives or privileged users had been attacked.

“Many enterprises believe that because they are using spam filtering tools or other email security technologies, they are safe from phishing attacks,” said Scott Greaux, Vice President of Product Management & Services at PhishMe.

“What we found in our survey is that despite such filters, end users are presented with live, malicious attacks in their inboxes nearly every day.”

Additional details from the survey include the fact that awareness training is given yearly (or at least once a year) to 49% of the employees at the respondent’s organization, while 10% said that no awareness training is given.

“This survey demonstrates with great clarity that phishing attacks – particularly targeted attacks – are getting through to end users with alarming regularity, yet most organizations don’t train their users on what the most current attacks look like or how to react to them,” added Aaron Higbee, CTO and co-founder of PhishMe.

Advertisement. Scroll to continue reading.

Written By Steve Ragan

Latest News

Click to comment

CIEM Chat: How to Reduce Cloud Identity Risk

March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Virtual Event: Ransomware Resilience & Recovery Summit

April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon

As a security industry, we need to focus our energies on those professionals among us who know how to walk the walk. (Joshua Goldfarb)

SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking

SD-WAN must be scalable, stable, secure, and fully operational to serve as a strong base for seamless modernization and progression to SASE. (Etay Maor)

You Against the World: The Offenders Dilemma

Foreign attackers have many more toolsets at their disposal, so we need to make sure we’re selective about our modeling, preparation and how we assess and fortify ourselves. (Tom Eston)

Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program

With automated, detailed, contextualized threat intelligence, organizations can better anticipate malicious activity and utilize intelligence to speed detection around proven attacks. (Marc Solomon)

Know Your Audience When Speaking to Security Practitioners

How can security practitioners make sense of the vendor landscape and separate those who talk a good game from those who can execute, perform, and solve real problems for enterprises? (Joshua Goldfarb)

Cybercrime

Comodo Forums Hacked via Recently Disclosed vBulletin Vulnerability

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Eduard KovacsOctober 1, 2019