Phishing Remains Top Cyberattack Vector in 2017

Written by

Of all attack vectors, phishing remains the most commonly exploited, and accounts for 90% to 95% of all successful cyberattacks worldwide.

According to the IRONSCALES 2017 Email Security Report, culled from an online survey of 500 cybersecurity professionals, employees are most often victims of spoofing and impersonation (67%), followed by branded (35%) and seasonal attacks (31%).

Malicious emails continue to easily bypass legacy spam filters, firewalls and gateways through increasingly sophisticated CEO fraud and brand spoofing campaigns. Further, due to human nature, unaware or preoccupied users, even those actively engaged in an awareness training program, are easily lured into downloading an attachment or clicking on a malicious email link to inadvertently provide attackers with access to sensitive corporate networks and data.

Even when detected, nearly half of organizations (46%) reported that it takes a day or longer to remove phishing emails from endpoints once a phishing attack is reported to the security team—largely due to a lack of manpower. Accordingly, about three-quarters (72%) of security professionals said they believe automated inbox scanning and email forensics are the most valuable email security technology; and 93% of respondents agree that humans and technology need to work side-by-side in order to better detect and respond to sophisticated email phishing attacks.

On the flip side, almost a quarter (22%) said they could remove them within 30 minutes.

“When time is of the essence, as it is with stopping and minimizing phishing attacks, the integration of human intelligence with technology significantly and effectively expedites prevention, detection and response,” said Eyal Benishti, founder and CEO of IRONSCALES. “With email phishing attacks proliferating in frequency and complexity, it’s positive to find that cybersecurity professionals are beginning to recognize human-machine collaboration as an essential component of their organizations’ phishing response and email security strategies.”

Have you registered for Infosecurity North America taking place in Boston, 04-05 October 2017? For the full agenda, speaker list and more information, please visit

What’s hot on Infosecurity Magazine?