Spear phishing incidents cost firms an average of $1.6 million
14 January 2016 |
Cyber attacks adopting the social engineering tactic of spear phishing have continued to rise over the last year and cost firms around the world millions of dollars.
Spear phishing attacks cost companies an average of US $1.6 million, a new survey has found.
This is even higher for US companies, where spear phishing incidents cost $1.8 million, with cyber criminals continuing to target employees’ emails.
The survey, conducted by tech market research firm Vanson Bourne and security firm Cloudmark, discovered that spear phishing was the chosen attack vector for 38 per cent of all cyber attacks conducted in the last year.
Companies found themselves repeatedly subjected to the threat posed by spear phishing, with 90 per cent of all firms experiencing attacks targeting employee emails.
Nearly three quarters of IT decision makers said that spear phishing continually posed a significant threat to their organisation.
20 per cent said it constituted their organisations’ most serious security concern, while a further 42 per cent said spear phishing was in their companies’ top three concerns.
Phishing intelligence firm PhishMe announced in December that nine in ten employees would open a phishing email on the same day they received it.
Verizon’s findings were even more alarming: the firm’s 2015 Data Breach Investigations Report found that almost half of all spear phishing victims opened emails and clicked links within an hour of receiving them.
IT decision makers also lacked confidence in their companies’ ability to defend against spear phishing attacks, with 33 per cent of US respondents and 28 per cent of overall respondents believing attackers would be successful in reaching their targets.
Additional findings included a significant increase in the number of whaling attacks, with 27 per cent of respondents saying their companies’ CEOs had been targeted and 17 per cent reporting that their CFOs had experienced whaling attempts.
On average, respondents had experienced a total of 10 attempted whaling attacks in the last 12 months alone.
However, research by the Ponemon Institute indicates that companies can successfully tackle spear phishing with adequate training measures for staff.
“With the wealth of information about individuals and organisations now available online, cyber criminals can easily craft targeted attacks to gain access to valuable personal and financial information,” said George Riedel, CEO of Cloudmark.
“Spear phishing has emerged to become one of the largest threats facing enterprises today.
“Based on our conversations with customers, partners and enterprise IT decision makers, it is glaringly apparent that organizations across industries are struggling to combat spear phishing threats.”
The full report is available from Cloudmark’s website.