Phishing is now the number one cyber threat faced by businesses, and it is growing at an alarming rate. One method that appears to be gaining particular momentum is spear phishing, whereby the sender persuades the recipient to share personal information by tricking them into believing they are responding to a trustworthy source.
The Phishing Activity Trends Report released by the Anti-Phishing Working Group (APWG) claimed that in 2016 alone there were over 1.2 million known phishing attacks, a 65% increase on the previous year.
Why are phishing attacks on the rise?
According to Barkly, 30% of phishing emails are opened by the recipient. That’s over 5% greater than the average open rate of legitimate email marketing campaigns, so it’s not surprising that phishing has become such a popular tactic for cyber criminals.
Yet despite the rapid growth in phishing activity, the majority of businesses are being less than proactive when it comes to mitigating the risks.
A recent survey sponsored by Valimail has shown that many US businesses and organizations have insufficient anti-phishing defenses in place. The survey was conducted by the Ponemon Institute and involved 650 IT/IT security professionals from companies of similar employee count and budgets for annual email security and fraud prevention.
Whilst 79% of respondents said that they had experienced a data breach or cyber attack in the past 12 months that certainly or likely involved email, 80% of respondents expressed concerns about their company’s ability to prevent or minimize phishing attacks.
Despite the high number of breaches experienced, only 29% of respondents said that their organization had made significant progress towards addressing the threat from phishing attacks: of these respondents, 69% reported that anti-spam or anti-phishing filters had been implemented and over half used secure email gateway technology. Only 34% said they provide anti-phishing training for employees. On the other hand, over 20% of respondents reported that there had been no developments at all with regard to tackling future cyber attacks.
Failing to prepare is preparing to fail
Although defensive efforts appear to have been slow up until now, organizations are keen to improve their defenses against phishing in the near future. When asked about their plans for the next 12 months, 65% of companies said they will be investing in anti-spam filters and 63% will be implementing secure email technology.
Whilst it is important to have sufficient technology in place to tackle cyber attacks, employees must also be made aware of phishing and of how to recognise attacks should they occur. 57% of respondents in the survey stated they will be providing anti-phishing training for their staff members in the future to ensure they are confident in dealing with potential situations.
Such investment in email security and training programs comes at a significant cost, and most respondents (56%) believe it would take a serious hacking incident affecting their business for this kind of budget increase to be agreed.