The Underestimation of Phishing Risk by IT Security Professionals

It was shocking to find out that 95% of IT security professionals underestimate phishing risks. Many of them didn’t fully understand the threatening nature behind these scam emails.

Phishing schemes are still current because they work! Online threat artists know how to manipulate people with psychology to obtain their bank credentials, social security number, or credit card information. Over 90% of successful breaches begin with a phishing email. Since most multi-level security controls remain unaware of these threats, organizations increase their vulnerability, making them easier targets for a spear phish to succeed.

There is more to these phish than just the typical scam email. The phishing attack vectors have expanded to advertisements, search results, pop-ups, social media, text messages, apps, and rogue browser extensions.

64% state that employees lack awareness and training.  Their main concern should be to educate employees so they understand the psychology behind social engineering and phishing threats.

Did you know?!

  • Only 5% of IT security pros realize that phishing is at the start of over 90% of successful breaches.
  • 45% of IT security professionals believe they experience 50 or more phishing attacks per month!
  • The top three defenses cited for protecting organizations from phishing:
    1. Employee Awareness Training such as Prilock
    2. Antivirus and Malware Protections
    3. URL Filtration systems
  • Over half of respondents name the growing number of phishing attack vectors (phishing beyond email) as a top 3 concern regarding phishing threats.
  • 2/3 of respondents realize that phishing sites are typically online for less than 24 hours.
  • Only 32% of respondents feel current threat feeds/block lists are adequate to protect users from new phishing sites.