Five key takeaways from the 2016 ‘State of The Phish’ report

Ryan Patrick
@ryan1patrick
Published: April 25th, 2016
  • Five key takeaways from The State of the Phish 2016 report

    Phishing — the malicious attempt to skim sensitive data such as usernames, passwords, and credit card details by someone posing as a trustworthy entity in an electronic communication such as email — has gotten more sophisticated and prevalent in the enterprise world.

    Industry research firm Ponemon Institute recently estimated that phishing attacks cost businesses an average of US$3.77 million per year.

    And a recent Wombat Security report, titled State of the Phish 2016, reveals just how this attack approach is impacting businesses and how organizations can develop a successful anti-phishing program.

    Here are some of the key findings:

  • Corporate- and consumer-based email phishing attacks are popular

    The study — a joint effort by security threat awareness vendor Wombat Security and its recently acquired ThreatSim business unit — surveyed security pros across a range of industries including telecommunications, manufacturing, finance and government; it compiled data from the millions of phishing attacks sent through the ThreatSim and Wombat platforms from October 1, 2014, through September 30, 2015, according to the company.

    The report also collected findings from account administrators who sent simulated phishing attacks to their end users. Most administrators used corporate- and consumer-based email templates for their phishing attacks.

    Users were most likely to click on attachments and messages they expected to see in their work inboxes, like an HR document or a shipping confirmation. In addition, one of the most popular attacks, an Urgent Email Password Change request, had a 28 per cent click rate, the report noted.

  • Wombat Security’s State of the Phish Report

  • Spear phishing is hitting the mark

    The term spear phishing refers to a personalized email that appears to be from a recognized individual or business. Spear phishers often go to great lengths to gather information on key people within an organization in order to craft a personalized and convincing email; the report found that 67 per cent reported experiencing spear phishing attacks in 2015, up 22 per cent from 2014.

    In addition, the report noted emails personalized with a first name had click rates 19 per cent higher than those with no personalization.

    Steps to avoid being a spear phishing attack victim, according to the report, include ensuring staff never give out passwords via email and refraining from logging onto a website via an email link.

  • Telecom firms are most likely to fall victim to phishing
    End users in industries such as telecommunications and professional services (consulting, law and accounting firms) seem to click much more than others, the report reveals, adding that this might be due to industry maturity, age of the overall workforce, or the fact that these industries may not have suffered as many breaches as others.

    At any rate, security professionals in the industries at the higher end of our scale should adopt end-user training policies to ensure they are aware of cybersecurity threats, according to the report.

  • Spam filters are key for phishing protection

    Organizations are overwhelmingly adopting email spam filters to reduce the risk from phishing attacks (99 per cent). This is followed by outbound proxy protection (56 per cent), advanced malware analysis (50 per cent) and URL wrapping (24 per cent).

    In addition, 92 per cent of respondents noted they are training staff how to identify and avoid phishing attacks.

    This includes activities such as annual security awareness training using computer-based training (68 per cent).

  • Steps for developing an anti-phishing action plan

    The report outlines key steps for increasing security awareness across the organization. These include evaluating the current state of phishing attacks, setting objectives for improvement, and communicating the program to all appropriate stakeholders.

    This also involves developing a simulated phishing attack to gain a baseline vulnerability, and educating end users on how to identify a safe link and web address in email communications.

    Developing a baseline is key, according to the report, in helping establish a “culture of security awareness” and driving measurable change across the enterprise.

About Ryan Patrick

Seasoned technology reporter, editor and senior content producer.
