InfoSec Professionals Report Increase in Phishing and Incidences Leading to Compromised Accounts
According to a recent survey from ProofPoint, more than 80 percent of information security (infosec) professionals saw an increase in phishing attacks in 2018 while nearly two-thirds reported an increase in spear phishing. Meanwhile, those who reported compromised accounts as a result of phishing attacks increased from 38 percent of infosec professionals in 2017 to 65 percent today.
In this context, phishing refers to fraudulent emails targeting an organization’s employees from an outside or untrusted source, and 83 percent of infosec professionals surveyed say these attacks increased last year. Nearly half of respondents reported malware infections as the result of phishing attacks mimicking their organization and 65 percent reported compromised account credentials. This is according to the 2019 State of the Phish Report from ProofPoint.
When it comes to preventing phishing against customers or account holders organizations can offer education and reporting on recent or current phishing attacks. A broader survey from ProofPoint asked consumers from the US, UK and Germany if they knew what phishing is. Overall just 65 percent of US consumers answered the question correctly, compared 72 percent in the UK. Younger age groups were less likely to know what phishing is while baby boomers, those who were age 54 and older in 2018, are the most likely to know what phishing is at 73 percent. This compares to 47 percent of respondents between 18 and 21 years of age and 56 percent of those between 22 and 37 years old.
Spear phishing has also increased and even more so in North America where 67 percent of survey respondents reported an increase in spear phishing attacks against those within their organization compared to 64 percent globally. Spear phishing is targeted phishing attacks that come from or purport to be from a known and trusted email address. Organizations are making strides to help employees become less susceptible to phishing, 95 percent of organizations say they train end users identify spear phishing attacks.
For more information: