Study finds organisations still plagued by phishing emails

A study has found that 54% of organisations continue to be plagued by phishing emails with 85% of respondents agreeing that employees need better inbox tools to detect sophisticated messages.

IRONSCALES also asked the 300 IT and security professionals spoken with during this year’s Infosecurity Europe how prepared their organisation was to deal with email phishing. On a scale of one to 10, with 10 being very effective, just 10% awarded themselves the top mark, with 43% giving themselves seven or lower.

Speaking about the results from its study, Eyal Benishti, CEO and Founder of IRONSCALES, said: “Organisations today are still struggling to deflect the threat posed by email-borne attacks, as both our study and headlines the world over have shown.

“Over half of the respondents polled admitted to being plagued by phishing emails and, as the respondents worked through the questions, it quickly became apparent that there was a disconnect between what people perceive or are willing to admit their position to be and the reality.

“In fact, few had an adequate reporting mechanism to determine just how many messages were being received and those left unreported, with even fewer having email forensic capabilities. By their own admission many could not be confident that they were holistically protected against phishing emails.”

When asked how the security team is alerted that a rogue message has been received, few had an automated process, with just 24% confirming they have a ‘report’ button within their email client. Worryingly, 41% confirmed that they do not automate this process at all, instead relying on an email address to which users forward the messages they receive.

Eyal said: “Phishing messages continue to evade current email security solutions; the failure is evident as, every day, these solutions allow malicious emails to slip past to land in mailboxes. Having an email address for rogue messages to be sent to is akin to catching fish with your bare hands – you might get one or two but you’ll be exhausted from the effort.

“The process is reliant on a member of the SOC or IT team physically monitoring reported messages, spotting the threat and taking appropriate action. On average it takes just 82 seconds between a phishing email passing through the gateway and the first user interacting with the rogue message, so speed is essential. Our 2017 trend report showed that, when implementing our technology, the majority of threats can be remediated within 60 seconds.

“Depending on the size of the organisation, manually triaging reported emails could be a mammoth task with no way for the security team to correlate patterns, group messages together or remediate the threat across the enterprise should a particularly nasty attack be identified to stop other less observant users clicking on the message and unleashing its payload.”

For more information on IRONSCALES, visit ironscales.com

 

 
