Spear phishing targets one in two organizations

Proofpoint announced findings from a survey of security IT enterprise decision makers, about email and information security trends.

Key findings include:

Spear phishing is an increasingly serious threat: Half of all respondents (51%) believe that, in the past year, their organization was targeted by a phishing email designed specifically to compromise their own users. Another 31% do not believe they were the target of such an attack and 18% reported they did not know.

Larger organizations are more susceptible to phishing attacks: Among organizations with 1,000 or more email users, more than half of respondents (56%) believe their organizations were targeted by a spear phishing attack. Of this group, 27% do not believe they were the target of a spear phishing attack and 17% reported they did not know. Comparatively, organizations with fewer than 1,000 email users reported fewer spear phishing attacks—42% believe they had been targeted, 39% did not and 19% didn’t know.

Spear phishing attacks are often the root cause of security breaches: More than one third (34%) of respondents who reported experiencing a spear phishing attack in the past year (17% of all respondents) believe that attack resulted in the compromise of user login credentials (e.g., usernames/passwords) or unauthorized access to corporate IT systems.

Outbound email reported as the greatest source of data loss risk: Asked which of five risk vectors—outbound corporate email, social media, lost or stolen mobile devices, and online file sharing/collaboration and short messaging services—they felt posed the greatest risk of data loss to their organizations, respondents chose outbound email by a small margin.

Results are as follows:

  • 22% feel outbound email sent from their organizations is the greatest source of data loss risk
  • 19% feel that online file sharing/collaboration solutions (e.g., services such Dropbox, Box and others) are the greatest source of data loss risk
  • 18% feel lost or stolen mobile devices are the greatest source of data loss risk
  • 17% feel postings to social media sites (e.g., Facebook, LinkedIn) represent the greatest source of data loss risk
  • 3% feel that short messaging services (e.g., Twitter, SMS text messaging) are the greatest source of data loss
  • 21% of respondents say they “don’t know” which vector poses the most risk.

More than 330 survey participants submitted their answers via a web-based survey at Proofpoint’s booth at the Microsoft TechEd 2012 conference (June 2012). More than half of respondents were from organizations with 1,000 or more email users. Approximately 99% of respondents held security, risk management/compliance, CIO/CTO/CSO/CISO or other IT job roles, while 1% held academic roles. All respondents considered in these statistics demonstrated familiarity with their organizations’ email security solutions.




Share this