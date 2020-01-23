Infosecurity Group Websites

Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more
Latest
News

Over Half of Organizations Were Successfully Phished in 2019

An annual report into the virulence of phishing scams has found that more than half of organizations dealt with at least one successful phishing attack in 2019. 

The 2020 "State of the Phish" report, by cybersecurity and compliance firm Proofpoint, was produced using data from nearly 50 million simulated phishing attacks sent by Proofpoint to end users over a one-year period. In addition, researchers combed through third-party survey responses from more than 600 information security professionals and analyzed the fundamental cybersecurity knowledge of more than 3,500 working adults in the US, Australia, France, Germany, Japan, Spain, and the UK.

Among the key findings, 55 percent of surveyed organizations dealt with at least one successful phishing attack in 2019, and infosecurity professionals reported a high frequency of social engineering attempts across a range of methods.

Other forms of attack reflect cyber-criminals' continued focus on compromising individual end users. Spear-phishing attacks were reported by 88 percent of organizations worldwide, while 86 percent reported business email compromise (BEC) attacks and social media attacks. 

Phishing via text/SMS, also known as smishing, struck 84 percent of organizations, while 83 percent reported experiencing voice phishing, or "vishing." Malicious USB drops had caused problems for 81 percent of organizations surveyed. 

On a more positive note, the sixth annual "State of the Phish" report revealed that equipping individuals with instructions on how to avoid taking the phishers' bait garnered good results. Seventy-eight percent of organizations reported that security awareness training activities resulted in measurable reductions in phishing susceptibility.

“Effective security awareness training must focus on the issues and behaviors that matter most to an organization’s mission,” said Joe Ferrara, senior vice president and general manager of security awareness training for Proofpoint. 

“We recommend taking a people-centric approach to cybersecurity by blending organization-wide awareness training initiatives with targeted, threat-driven education. The goal is to empower users to recognize and report attacks.”

Proofpoint researchers noted an increase in the volume of reported phishing messages and identified a trend toward more targeted, personalized attacks carried out over bulk campaigns.

The volume of reported messages jumped significantly year on year, with end users reporting more than nine million suspicious emails in 2019, an increase of 67 percent over 2018.

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Over 2000 WordPress Sites Hit by Malicious Redirects

2
News

Microsoft Exposes 250 Million Call Center Records in Privacy Snafu

3
News

Zynga Breach Hit 173 Million Accounts

4
News

Zero-Day IE Bug is Being Exploited in the Wild

5
News

Data on 30,000 Cannabis Users Exposed in Cloud Leak

6
News

US County Suffers Two Cyber-attacks in Three Weeks

1
Webinar

2FA or MFA: Which Authentication is Right for Your Business?

2
News

US Cybersecurity Agency Issues Emotet Warning

3
News

US County Suffers Two Cyber-attacks in Three Weeks

4
News

Over Half of Organizations Were Successfully Phished in 2019

5
Blog

Security by Sector: Healthcare Orgs Continue to Suffer Security Headaches

6
News

Over 2000 WordPress Sites Hit by Malicious Redirects

1
Webinar

Strategies to Scale and Upskill Your Security Team

2
Webinar

New Year, New Decade, New Threats and Challenges

3
Webinar

Leveraging ISO 27001 to Manage Cyber & Information Security Risks

4
Webinar

Authentication Standards in 2019: Why Passwords Remain Problematic, and Future Solutions

5
Webinar

Automation in Data File Transfer: Improving Security and Saving You Time

6
Webinar

2FA or MFA: Which Authentication is Right for Your Business?

1
Blog

How 2019’s Worst Corporate Hacks Could Have Been Prevented

2
Blog

Security by Sector: Travel and Hospitality Industries Extend Security-Sharing Community

3
Blog

How to Prevent Your Business Being Hacked

4
Interview

Interview: Timur Kovalev, Chief Technology Officer, Untangle

5
News Feature

Rolling Vulnerability and Patch Management into Detection and Response

6
Opinion

Do We Need More Cyber Hygiene?