Anti-Spam Tools Fall Short as Enterprises Hit Hard by Phishing Attacks

Enterprise users receive unfiltered phishing messages nearly every day of the week, and most of them are not properly trained to recognize or safely react to them, according to new survey data released today by PhishMe.

More than two thirds (69 percent) of security professionals say they encounter phishing messages that get past anti-spam filters and reach users’ email boxes at least a few times a week, according to a survey of attendees conducted by PhishMe at the Black Hat USA conference in Las Vegas two weeks ago. Almost a quarter of the respondents said they see such messages in users’ mailboxes multiple times every day.
 
“Phishing” is an online attack in which the attacker sends a fraudulent message that appears to be helpful or innocuous, but actually contains malicious code or leads the user to a malicious website. These attacks are sometimes targeted at specific individuals or groups of users within an organization, an attack known as spear phishing.
 
Spear phishing has become a popular method of infecting enterprises with malware, according to PhishMe. In the survey, more than one quarter (27 percent) of security professionals said that top executives or other privileged users in their enterprises have been compromised by spear phishing attacks within the last 12 months. Another 31% of security pros said they weren’t sure whether their executives or privileged users had been hit with such attacks.
 
“Many enterprises believe that because they are using spam filtering tools or other email security technologies, they are safe from phishing attacks,” said Scott Greaux, Vice President of Product Management & Services at PhishMe, which offers a service that simulates phishing attacks to help train users on how to react to them. “What we found in our survey is that despite such filters, end users are presented with live, malicious attacks in their inboxes nearly every day.”
 
With so many unfiltered phishing messages getting through, it is up to the end user to decide how to react – whether to open the message, click on a link, or delete the message before it can do any damage. But PhishMe’s survey of Black Hat attendees indicates that most end users receive only a bare minimum of security awareness training. Nearly half (49 percent) of the respondents said their users receive training only once a year; nearly one tenth (9 percent) said their organizations have no security training programs at all.
 
Among organizations that do provide security training programs, many rely heavily on scripted, delayed forms of instruction that do not provide metrics to program managers and administrators, the survey said. In fact, three of the top four training methods listed by Black Hat attendees – recorded video/computer-based training (39.4 percent), paper tests/quizzes (32.9 percent), and handbooks/printed guides (28.5 percent) – are largely unsuccessful. Only 16 percent of security professionals train their users via simulated attacks (multiple responses were allowed).
 
“This survey demonstrates with great clarity that phishing attacks – particularly targeted attacks – are getting through to end users with alarming regularity, yet most organizations don’t train their users on what the most current attacks look like or how to react to them,” said Aaron Higbee, CTO and co-founder of PhishMe. “If enterprises are going to protect themselves, they need a realistic, regular training regimen that helps users make the right decisions when they see a potential phishing attack – passive security awareness that doesn't focus on tracking behavior modification is ineffective.”
 

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.