IRONSCALES’ 2017 Email Security Report has revealed that 90–95% of all successful cyber attacks around the world begin with a phishing email. Cyber criminals are adopting and deploying increasingly sophisticated techniques to bypass spam filters and firewalls. Human nature is considered a contributing factor: unaware or preoccupied users can often be tempted to download a file or click a malicious link that gives criminals access.
According to the 500 cybersecurity employees surveyed, the top “challenge” that security teams have to deal with is the “detection, mitigation, and remediation of email phishing attacks.”
Key findings:
- 46% advised that it can take more than a day to remove phishing emails from endpoints once an attack has occurred and has been reported to the security team.
- 67% of employees fall victim to spoofing and impersonation, 35% to branded attacks, and 31% to seasonal attacks.
- 93% agreed that humans and technology need to work together in order to detect and respond to phishing attacks effectively.
- 72% think that email scanning and forensic software is the most valuable email security technology.
Eyal Benishti, founder and CEO of IRONSCALES, said:
“When time is of the essence, as it is with stopping and minimizing phishing attacks, the integration of human intelligence with technology significantly and effectively expedites prevention, detection, and response. With email phishing attacks proliferating in frequency and complexity, it’s positive to find that cybersecurity professionals are beginning to recognize human-machine collaboration as an essential component of their organizations’ phishing response and email security strategies.”
If your staff are able to identify and correctly respond to a malicious email, the danger can be mitigated. With phishing attacks increasing in sophistication and frequency, these findings highlight the importance of training staff.
Protect your organization and educate your staff
No matter how effective your spam filter is, a spoof email could bypass it, making your organization’s staff the last line of defense against fraud. It is therefore vital that your staff are aware of the risks of phishing emails. eLearning courses are an efficient, cost-effective method of training all your staff with minimal disruption.
To establish how vulnerable your organization is to the threat of phishing, consider our Simulated Phishing Attack. The service provides an independent assessment of employee susceptibility, and benchmarks your security awareness campaigns. It can help you to:
- Satisfy compliance and regulatory requirements
- Adapt future testing to areas and employees at greatest risk
- Reduce the number of employee clicks on malicious emails
Our Phishing Staff Awareness Course gives your staff an introduction to understanding and spotting phishing scams, and helps reduce the chance that an employee will hand over confidential information or inadvertently infect your organization’s systems.