Most IT security Professionals Underestimate Phishing Risks

Results from a recent survey by SlashNext has revealed that most professionals in IT security lack the understanding surrounding risks of short-lived, yet dangerous, phishing attacks online. The survey was performed over a 5-day period with 300 IT security decision makers in midsized firms in the US. A query found that 95 per cent of these respondents underestimate the threats of phishing. This demonstrates a strong lack of understanding. It also shows a risk of gaps in the protection against modern, fast-moving phishing attacks.

Most Companies need more Defense against Phishing Risks

According to the SlashNext 2018 phishing survey, the majority of companies don’t have defences against threats online that are good enough. The growing threat is, in fact, something that many professionals don’t seem to understand. Modern phishing attacks are often used for the purpose of breaching networks. However, the survey found that only 5 per cent of those in the survey recognise this.

14 per cent of respondents in the survey think they experience in excess of 500 phishing attacks a month. 45 per cent believe that they are targeted with more than 50 phishing attacks per month. However, phishing attacks that occur on the web are often quite different to typical phishing emails. The survey noted that there is a particular distinction between the two. Fast moving phishing threats on the web are often short-lived.

Alternative Routes

Targeted phishing attacks are expanded into ads as well as through search results. They also use pop-ups, social media, IM and chat applications, rogue browser extensions and apps. These threats on the web or through free apps are getting increasingly frequent. Given that, more than half of those who took part in the survey identified phishing attack vectors beyond email as the third most concerning threat. Only 32 per cent of survey participants say that their existing threat feeds and block lists provide sufficient protections.

Spoof websites and insufficient employee training were the top two concerns for phishing attacks. 64 per cent of those who took part in the survey expressed their concerns with their current employee awareness training.

“Phishing tactics have evolved to using very fast-moving phishing sites and attack vectors that evade existing security controls. And with such legitimate-looking phishing sites manipulating users, there is little to protect employees, not even phishing awareness training,” said Atif Mushtaq, CEO and founder of SlashNext, in a press release. “The solution involves a phishing detection system that can analyze and detect malicious sites like a team of cybersecurity researchers but do it in real time to protect users.”

Join us for ESRM UK

Many security professionals don’t always define information and security risk management as a core business function for both financial performance and customer satisfaction. The need to adopt a holistic approach has never been more pressing as the methods to collect, share and store data continues to increase in complexity and diversity. Join us in March for our Enterprise Security and Risk Management Conference in London to address this issue with other IT security decision-makers in the industry.