Phishing attacks continue to wage war against organizations, with 76% of organizations reportedly experiencing phishing attacks in 2017.
The State of the Phish research report found that almost half of information security professionals surveyed claim the rate of phishing attacks increased from 2016, leaving many concerned with what the state of 2018 will look like.
The survey found that the impacts of phishing were more broadly felt in 2017 compared to 2016, with an 80% increase in reports of malware infections, account compromise, and data loss related to phishing attacks. It also found disturbing data on an emerging threat, smishing (SMS/text message phishing), where 45% of information security professionals reported experiencing phishing via phone call (vishing) and smishing.
The firm notes that the silver lining in these findings is the continued momentum for anti-phishing education. They found that for the fourth year in a row, the number of organizations training their users on phishing avoidance has increased. They also found there’s been an increased use of computer-based training, with 79% of organizations offering training in 2017 compared to 62% in 2016.
NNT CTO, Mark Kedgley, comments “Phishing is hardly anything new, and ever increasing. The only thing that is a certainty in these instances is that the risk of a breach is a constant. A two-pronged approach is the only way to go – get layered defenses in place (don’t overlook the newer Microsoft features like EMET and AppLocker), but also back it up with real-time host intrusion detection through File Integrity Monitoring (FIM) , ensuring that if a cyber-attack proves successful at the very least you get to know about it.”
Read the article on InfoSecurity Magazine