Proofpoint’s State of the Phish Report reveals 54 per cent of surveyed Australian InfoSec professionals affected by ransomware in 2019


The new research stresses the need for user training and email reporting as spear phishing attacks climb

Proofpoint, Inc., a leading cybersecurity and compliance company, has released its sixth annual global State of the Phish report, which found that 54 per cent of surveyed Australian InfoSec professionals faced phishing-triggered ransomware infections in 2019 — more than any of the other six countries surveyed, including the U.S., UK, Japan, Germany, France and Spain. That said, Australian working adults were the most likely of all global respondents to correctly identify the definition of ransomware.

Proofpoint’s annual State of the Phish report examines global data from nearly 50 million simulated phishing attacks sent by Proofpoint customers over a one-year period, along with third-party survey responses from more than 600 information security professionals in the U.S., Australia, France, Germany, Japan, Spain, and the UK. The report also analyses the fundamental cybersecurity knowledge of more than 3,500 working adults who were surveyed across those same seven countries*.

“Australian organisations must take an active approach to cybersecurity education. Criminals are constantly refining their attack methods, using sophisticated email lures, phone calls, and SMS to snare as many victims as possible,” said Crispin Kerr, Australian and New Zealand Country Manager for Proofpoint. “Attackers do their homework, and their messages often seem personally relevant to recipients. Regular company-wide training is crucial to make sure staff can spot the warning signs and keep themselves and their organisation safe.”

Additional key Australian findings include:

  • The research uncovered that 63 per cent of Australian companies provide company-wide cybersecurity training, highlighting the opportunity for increased user training to help combat cyberattacks in 2020.
  • Cybercriminals are also using increasingly sophisticated methods to lure victims. 52 per cent of Australian organisations experienced vishing, which sees criminals impersonating legitimate sources via phone calls, while 58 per cent experienced smishing, which uses SMS as a channel to attack users.
  • The report also showed that more than half (56 per cent) of Australian organisations report that the rate of phishing attacks observed either decreased or stayed the same in comparison to the previous 12 months, reflecting the new tendency of criminals to forgo high-volume attacks in favour of more targeted methods.
  • Despite 79 per cent of Australian organisations reporting a reduction in phishing susceptibility after the delivery of cybersecurity training, just over half (53 per cent) conduct active cybersecurity training by way of simulated phishing attacks, one of the most effective ways of educating staff.

To download the State of the Phish 2020 report, and see a full list of global comparisons, please visit Marketplace

*Of these global data sets, 65 Australian InfoSec professionals and at least 500 working Australian adults were surveyed as part of this initiative.