Proofpoint has released its global 2019 State of the Phish Report, which found that APAC organisations are the most likely to experience account compromise and data loss as a result of successful phishing attacks when compared to their global counterparts (North America and EMEA).
The report uncovers phishing cyberattack trends across more than 15 industries and details the fundamental cybersecurity knowledge of more than 7,000 working adults in Australia, the U.S., France, Germany, Italy, Japan, and the UK. Data from tens of millions of simulated phishing attacks sent over a one-year period were analysed along with nearly 15,000 cybersecurity professional survey responses, from both Proofpoint customers and outside organisations, to provide an in-depth look at the state of global phishing attacks.
Across the globe, infosecurity professionals reported an increasingly active social engineering landscape in 2018 and the vast majority of global respondents (96 percent) said the rate of phishing attacks either increased or stayed consistent throughout the year. Proofpoint uncovered that APAC infosecurity respondents were five times more likely than those in EMEA to experience 26+ smishing (SMS/text message phishing) and vishing (voice phishing) attacks per quarter. In comparison to their North American counterparts, APAC respondents were about twice as likely to say they faced 26+ quarterly spear phishing attempts.
The global increase in phishing attacks emphasises the continued shift in the cybersecurity threat environment towards targeting people; thus, educating employees about today’s cyber threats is essential. In the global survey of working adults, Australian respondents were able to identify the following cybersecurity terms correctly: phishing (64 percent), ransomware (58 percent), vishing (20 percent), and smishing (17 percent). These findings spotlight a knowledge gap in the language security teams use when communicating with end users.
“Australian organisations are battling an ever-changing and persistent threat landscape aimed at compromising employees to gain access to sensitive company data,” said Tim Bentley, Proofpoint’s vice president of Asia-Pacific & Japan. “It is critical that organisations establish a people-centric security strategy that prioritises continuous employee education about social engineering threats and regular testing through simulated phishing attacks.”
Steps to improve effectiveness of cybersecurity efforts
Australian organisations can further improve the effectiveness of their cybersecurity efforts to reduce account compromise and data loss by taking the following steps:
- Speak the right language and speak it frequently: Information security teams should make it a point to educate employees at a fundamental level. Terminology that is commonly used in some circles is not necessarily recognisable across all job functions, even if those terms have a vital link to overall security postures.
- Simplify reporting and remediation: To best take advantage of increasing phishing awareness, Australian organisations should make it easy for end users to report suspicious messages and make it easy for response teams to take action.
- Get to know your VAPs (“very attacked people”): Information security teams need to identify the people and places that are within attackers’ crosshairs, and how many attacks are getting through. This offers a unique opportunity to move away from assumptions about vulnerabilities, and shift focus to areas that could be most prone to falling for attacks that slip past perimeter defences.
To download the 2019 State of the Phish Report, and see a full list of global comparisons, please visit: https://www.mysecuritymarketplace.com/product/state-of-the-phish-2019/.