Phishing Has Been the Leading Vector for Cyberattacks in 2017

By Richard Anderson

A recent email security report from anti-phishing vendor IronScales shows that throughout 2017, the leading cyberattack vector is phishing emails, which account for almost 95% of successful cyberattacks.

For the report, IronScales surveyed 500 cybersecurity professionals and asked questions about recent cyberattacks, their causes, mitigating those attacks, and cybersecurity defenses deployed to block attacks.

Even though many of the organizations represented in this survey had implemented defenses to prevent phishing emails from being delivered, emails were still reaching end users’ inboxes. Emails were found to be bypassing spam filters, firewalls, and gateway solutions. Busy and distracted employees were responding to those emails and installing malware or disclosing their login credentials.

The most common types of phishing emails to fool employees were spoofing and impersonation attacks (67%), branded phishing emails (35%) and seasonal attacks (31%).

When asked about the main challenged they faced, the top answer from IT security professionals was the detection, mitigation, and remediation of email phishing attacks.

When phishing attacks occur, they often involve multiple messages. While 22% of respondents were able to mitigate the threat inside 30 minutes, 46% of respondents said it can take a day or more before the threat is mitigated and all copies of the email are removed.

During that time, several employees may fall for the scam and reveal their credentials. The main problem with mitigating the threat is a lack of manpower. IT teams are simply too busy to respond quickly to all phishing messages that make it past spam defenses and are delivered to inboxes.

When asked about the most important email security technology to deploy, 72% of IT security professionals said automated inbox scanning and email forensics solutions was the most important and valuable.

93% of respondents agreed that effective email security required a combination of technology and human solutions, such as end user training.

Twitter Facebook LinkedIn Reddit Link copied to clipboard

Posted by

Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news