93% of Organizations Cite Phishing as Top Threat
Email remains the vector of choice for cyber threat actors with the majority of organizations citing phishing as their top perceived threat, according to a new survey from Dimensional Research and Barracuda Networks.
With the rise of more complex, advanced threats, such as account hijacking and spear-phishing, the majority of organizations have faced attacks in just the last year, according to a survey of more than 600 IT professionals responsible for corporate email security.
“On average, more than four-fifths (82%) of organizations claim to have faced an attempted email-based security threat in the past year, although the figures differ slightly by global region,” the report said.
The survey results revealed that despite growing confidence in security measures and awareness, concerns over phishing continue to rise, particularly given the reality that attack methods continue to evolve and target victims with social engineering. Nearly all (93%) of respondents said they are worried about business email compromise (BEC). With the prevalence of BEC and account takeover attacks, 79% of organizations are concerned about potential insider threats and other account hijacking attacks.
Oddly, 63% of organizations also reported that they feel more secure than ever. The report noted that organizations should treat this feeling of confidence with caution. “If an organization lacks the tools to accurately detect threats, it may have a false sense of security. APAC companies are the most likely to feel their security has improved, while EMEA companies are the least likely,” the report said.
When asked about the impact of email threats, 48% of participants said they had a loss of employee productivity and 36% said they experienced downtime and business disruption. When asked about breaches, 78% of participants confessed that that breach costs are also increasing, both monetary- and productivity-wise.
The survey also found a pitfall in terms of security spend. “Organizations are clearly under-investing in tools designed to protect email beyond the traditional security gateway. Just a quarter or fewer had automated incident response, dedicated spear-phishing protection or tools to prevent account takeover.”
Source: Information Security Magazine