11 January 2018
Phishing identified as most concerning security threat in two local reports
Two recently released reports have highlighted that Phishing attacks continue to be a major threat and problem for organisations in Australia and New Zealand.
A report coming out of Australia which was commissioned in Q1 2017 by PhishMe and delivered by Censuswide (an international market survey consultancy) shows that 89% of Australian IT professionals surveyed have dealt with security incidents originating from deceptive emails, yet nearly half feel unprepared to respond to such threats.
The report highlights that despite technology investments, Australian-based organisations are flooded with suspicious emails targeting employees. 85% of respondents confirmed to be utilising computer based training solutions and 66% are using email gateway filtering to protect against phishing attacks.
According to the Ponemon Institute, malicious or criminal attacks account for 48% of data breaches in Australia, with the number of yearly attacks averaging 18,000. In line with phishing response trends emerging from the US and UK markets, Australian-based organisations claimed to be almost as unprepared to combat phishing attacks despite having dealt with more email-related incidents.
Key findings from the survey include:
- 89% have dealt with security incidents originating from a deceptive email
- More than 60% have faced an email threat more than once
- Over a third of respondents see more than 500 suspicious emails weekly
- Nearly all respondents have between one and four security layers already in place
- Email-related threats are Australia’s biggest security concern
- Over 50% of respondents highlighted technology alone isn’t the answer to phishing
- 95% of surveyed IT professionals plan to upgrade their phishing response and prevention
To compile the Australian report Censuswide surveyed one hundred select IT professionals, largely senior decision makers, on phishing response strategies. The sample represented firms belonging to a variety of industries including business services, high tech, manufacturing, healthcare, financial, retail & wholesale trades, transportation, consumer services and telecommunications. All participants joined voluntarily and no telemarketing techniques were implemented.
Even with record investments, the number of breaches attributed to phishing attacks continues to grow. It’s obvious that technology alone can’t solve the problem. That’s why PhishMe solutions focus on engaging the human–your last line of defence after a phish bypasses other technology–for better prevention and response. PhishMe delivers a comprehensive human phishing defence platform focused on fortifying employees and enabling incident response teams to quickly analyse and respond to targeted phishing attacks.
Meanwhile in New Zealand the latest NCSC Cyber Threat Report outlines that they recorded 396 incidents for the 2016-17 year, an increase of 58 over the previous year. Phishing remains the most common delivery mechanism for threats because individual users remain vulnerable to deception, frequently clicking on malicious links or opening malicious attachments.
The report goes on to say that the ongoing success of common techniques, such as Phishing and publically known vulnerabilities, demonstrates that adversaries are able to stay ahead without much effort. Their report unfortunately does not breakout local statistics on Phishing.
So what to do ?
NCSC don’t see that phishing activity will decrease in the near future and nearly half of the surveyed organisations in Australia stated that they feel ill-prepared to process and adequately respond to such threats.
Kaon Security has been working with PhishMe, the leading provider of human-focused phishing defence solutions for organisations concerned about their susceptibility to today’s top attack vector.
Phishing is the primary method of entry in cyber-attacks world-wide and many high profile breaches emanate from a single, successful phish. Since it typically takes more than 200 days to detect a breach, organisations need to focus their efforts on prevention and response to neutralise these highly successful attack methods.
To view NCSC report Click Here
The full report from Census and PhishMe is available for Download Here.